Please Help With Hijack this

 
 
Kevin Garrett
 
      09-02-2005
I believe my girlfriend's computer got hijacked. She has run ad-aware and
attempted to run spybot 1.4. Spybot would not update the definitions but
I was able to do it manually. Still she is blocked from certain sites
including security.kolla.de, www.safer-networking.org, and
www.spywareinfo.com as well as others. The system is a Dell Dimension
2400 running XP SP2.

Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
the log. Thanks, Kevin

Logfile of HijackThis v1.99.1
Scan saved at 6:38:47 PM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Donna\My Documents\Unzipped\hijackthis
\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.com/
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~
1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:
\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
- c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:
\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:
\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience
\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared
\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real
\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger
\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3
\InstallStub.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
Destroy\TeaTimer.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft
\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files
\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files
\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files
\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:
\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins
\NPBelv32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
- https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation
- C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:
\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
 
 
 
 
pcbutts1
 
      09-02-2005
Man, they got her good. Have HijackThis fix the following lines by placing a
check mark in each box and clicking on Fix checked.

O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

Once done, download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/d...displaylang=en









 
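As an added example (not part of either post, and not HijackThis's own logic), this Python sketch re-joins the newsreader-wrapped log lines and flags the three kinds of entry the reply above selects for fixing: hosts-file entries that pin domains to loopback addresses, BHOs marked `(no file)`, and an O16 control installed from `file://`. The function names and the heuristics are assumptions made for illustration.

```python
import ipaddress
import re

# Excerpt of the HijackThis log posted in this thread, keeping the
# newsreader's hard line wraps (raw string preserves the backslashes).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.com/
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.48 spywareinfo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
"""

ENTRY_START = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O1 - ...", "R0 - ..."
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")                # Usenet "> " quoting
HOSTS_ENTRY = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def parse_entries(text):
    """Return [(section_code, body)] with wrapped continuation lines re-joined.

    Feed it only the log itself: any non-entry line after the first entry
    is treated as a continuation of the previous entry.
    """
    entries = []
    for raw in text.splitlines():
        line = QUOTE_PREFIX.sub("", raw).strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Heuristic: a wrap before a backslash split a path mid-name,
            # any other wrap replaced a space.
            sep = "" if line.startswith("\\") else " "
            entries[-1][1] += sep + line
    return [(code, body) for code, body in entries]


def check_hosts(body):
    """Classify one O1 body; None means the entry looks normal."""
    match = HOSTS_ENTRY.match(body)
    if not match:
        return None
    try:
        addr = ipaddress.ip_address(match.group(1))
    except ValueError:
        return "hosts entry with unparsable address"
    name = match.group(2).lower()
    if name == "localhost":
        return None if str(addr) in ("127.0.0.1", "::1") else "localhost remapped"
    if addr.is_loopback:          # anything in 127.0.0.0/8
        return "domain blackholed to loopback"
    return "domain pinned to a fixed address"


def triage(text):
    """Return [(code, reason, body)] for entries worth a closer look."""
    findings = []
    for code, body in parse_entries(text):
        reason = None
        if code == "O1":
            reason = check_hosts(body)
        elif code == "O2" and body.endswith("(no file)"):
            reason = "BHO registered but its DLL is missing"
        elif code == "O16" and re.search(r" - file://", body, re.IGNORECASE):
            reason = "ActiveX control installed from a local file"
        if reason:
            findings.append((code, reason, body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason:<45} {body}")
```

A flagged line is a prompt to inspect the entry, not a verdict: hosts-file blocklists installed on purpose also map domains to loopback addresses.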
 
 
 
 
PC
 
      09-02-2005
"Kevin Garrett" <(E-Mail Removed)> wrote in message
news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
>I believe my girlfriend's computer got hijacked. She has run ad-aware and
> attempted to run spybot 1.4. Spybot would not update the definitions but
> I was able to do it manually. Still she is blocked from certain sites
> including security.kolla.de, www.safer-networking.org, and
> www.spywareinfo.com as well as others. The system is a Dell Dimension
> 2400 running XP SP2.
>
> Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
> the log. Thanks, Kevin
>
> Logfile of HijackThis v1.99.1
> Scan saved at 6:38:47 PM, on 9/1/2005
> Platform: Windows XP SP2 (WinNT 5.01.2600)




Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries.
They are blocking you from going to antivirus and antispyware sites (amongst
others).
For example, O1 - Hosts: 127.0.0.36 safer-networking.org is stopping you
getting the Spybot updates.

Once you have removed these entries, reboot into safe mode and do your
antivirus and antispyware scans.

Cheers
Paul.


 
 
pcbutts1
Guest
Posts: n/a
 
      09-02-2005
Man, they got her good. Have HijackThis fix the following lines by placing a
check mark in each box and clicking on Fix checked.

O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

Once done, download, install, update and run all of the following.

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/d...displaylang=en




--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com






 
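The checks the two replies above apply by eye (hosts entries pointing security sites at loopback addresses, BHOs registered with no file, a DPF installed from a local file), as an added Python example that is not part of the thread or of HijackThis. The function names, the finding labels and the sample log (lines taken from the log in this thread, left quoted and wrapped the way the newsreader re-flowed them) are this example's own assumptions.

```python
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason detail")

# "O1 - ...", "R0 - ...", "O16 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Leading "> " / ">> " markers added when the log is quoted in a reply.
QUOTE_RE = re.compile(r"^(?:>\s?)+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed sample: entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://news.google.com/
>> O1 - Hosts: 127.0.0.0 localhost
>> O1 - Hosts: 127.0.0.36 safer-networking.org
>> O1 - Hosts: 127.0.0.48 spywareinfo.com
>> O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
>> file)
>> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
>> O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
>> O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
"""


def parse_entries(log_text):
    """Return (section, body) tuples, undoing quoting and line wrapping."""
    entries = []
    for raw in log_text.splitlines():
        line = QUOTE_RE.sub("", raw).strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # A wrapped continuation of the previous entry. Joining with a
            # space can leave a stray space inside a wrapped path, which the
            # checks below do not depend on.
            entries[-1][1] += " " + line
    return [tuple(entry) for entry in entries]


def triage(entries):
    """Flag the entry types the replies single out. Findings mean 'review'."""
    findings = []
    for section, body in entries:
        if section == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) < 2:
                continue
            try:
                ip = ipaddress.ip_address(parts[0])
            except ValueError:
                findings.append(Finding(section, "unparseable-address", body))
                continue
            for name in (p.lower() for p in parts[1:]):
                if name == "localhost":
                    # The stock mapping is 127.0.0.1 (or ::1) localhost.
                    if str(ip) not in ("127.0.0.1", "::1"):
                        findings.append(Finding(section, "localhost-remapped",
                                                f"{name} -> {ip}"))
                elif ip.is_loopback or ip.is_unspecified:
                    # The name resolves to this machine, so the site is
                    # unreachable. Ad-blocking hosts files do the same thing.
                    findings.append(Finding(section, "name-sinkholed",
                                            f"{name} -> {ip}"))
                else:
                    findings.append(Finding(section, "name-redirected",
                                            f"{name} -> {ip}"))
        elif section in ("O2", "O3") and body.rstrip().endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(section, "orphaned-registration",
                                    clsid.group(0) if clsid else body))
        elif section == "O16":
            source = body.rsplit(" - ", 1)[-1].strip()
            if source.lower().startswith("file://"):
                findings.append(Finding(section, "local-codebase", source))
    return findings


def blocked_names(findings):
    """Sorted, de-duplicated host names that a hosts entry makes unreachable."""
    return sorted({f.detail.split(" -> ")[0]
                   for f in findings if f.reason == "name-sinkholed"})


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(f"{finding.section:<4}{finding.reason:<24}{finding.detail}")
```
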
 
ellis_jay
Guest
Posts: n/a
 
      09-05-2005
PC wrote:
> "Kevin Garrett" <(E-Mail Removed)> wrote in message
> news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
>> I believe my girlfriend's computer got hijacked. She has run
>> ad-aware and attempted to run spybot 1.4. Spybot would not update
>> the definitions but I was able to do it manually. Still she is
>> blocked from certain sites including security.kolla.de,
>> www.safer-networking.org, and www.spywareinfo.com as well as others.
>> The system is a Dell Dimension 2400 running XP SP2.
>>
>> Anyway, we downloaded and ran Hijackthis. Hoping someone can
>> interpret the log. Thanks, Kevin
>>
>> Logfile of HijackThis v1.99.1
>> Scan saved at 6:38:47 PM, on 9/1/2005
>> Platform: Windows XP SP2 (WinNT 5.01.2600)
>> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>>
>> Running processes:
>> C:\WINDOWS\System32\smss.exe
>> C:\WINDOWS\system32\winlogon.exe
>> C:\WINDOWS\system32\services.exe
>> C:\WINDOWS\system32\lsass.exe
>> C:\WINDOWS\system32\svchost.exe
>> C:\WINDOWS\System32\svchost.exe
>> C:\WINDOWS\system32\spoolsv.exe
>> C:\WINDOWS\Explorer.EXE
>> C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
>> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
>> C:\Program Files\Norton Internet Security\Norton
>> AntiVirus\navapsvc.exe C:\Program Files\Norton Internet
>> Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common
>> Files\Symantec Shared\SNDSrvc.exe
>> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
>> C:\Program Files\Common Files\Symantec Shared\Security
>> Center\SymWSC.exe C:\WINDOWS\system32\hkcmd.exe
>> C:\Program Files\Dell\Media Experience\PCMService.exe
>> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
>> C:\Program Files\Internet Explorer\iexplore.exe
>> C:\Program Files\Common Files\Real\Update_OB\realsched.exe
>> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
>> C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
>> C:\Program Files\Messenger\msmsgs.exe
>> C:\Program Files\Dell Support\DSAgnt.exe
>> C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe
>> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
>> C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak. exe
>> C:\PROGRA~1\WINZIP\winzip32.exe
>> C:\Documents and Settings\Donna\My Documents\Unzipped\hijackthis
>> \HijackThis.exe
>>
>> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
>> = http://www.dell4me.com/myway
>> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://news.google.com/
>> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL
>> = http://www.dell4me.com/myway
>> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
>> http://news.google.com/
>> O1 - Hosts: 127.0.0.0 localhost
>> O1 - Hosts: 127.0.0.2 auditmypc.com
>> O1 - Hosts: 127.0.0.4 bulletproofsoft.net
>> O1 - Hosts: 127.0.0.5 camtech2000.net
>> O1 - Hosts: 127.0.0.6 cexx.org
>> O1 - Hosts: 127.0.0.7 computercops.us
>> O1 - Hosts: 127.0.0.8 ct7support.com
>> O1 - Hosts: 127.0.0.9 doxdesk.com
>> O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
>> O1 - Hosts: 127.0.0.21 kephyr.com
>> O1 - Hosts: 127.0.0.24 lurkhere.com
>> O1 - Hosts: 127.0.0.25 majorgeeks.com
>> O1 - Hosts: 127.0.0.26 merijn.org
>> O1 - Hosts: 127.0.0.27 mjc1.com
>> O1 - Hosts: 127.0.0.28 moosoft.com
>> O1 - Hosts: 127.0.0.29 mvps.org
>> O1 - Hosts: 127.0.0.30 net-integration.net
>> O1 - Hosts: 127.0.0.31 noadware.net
>> O1 - Hosts: 127.0.0.32 no-spybot.com
>> O1 - Hosts: 127.0.0.33 onlinepcfix.com
>> O1 - Hosts: 127.0.0.34 pchell.com
>> O1 - Hosts: 127.0.0.35 pestpatrol.com
>> O1 - Hosts: 127.0.0.36 safer-networking.org
>> O1 - Hosts: 127.0.0.37 secure.spykiller.com
>> O1 - Hosts: 127.0.0.38 secureie.com
>> O1 - Hosts: 127.0.0.39 security.kolla.de
>> O1 - Hosts: 127.0.0.40 spybot.info
>> O1 - Hosts: 127.0.0.41 spychecker.com
>> O1 - Hosts: 127.0.0.42 spychecker.com
>> O1 - Hosts: 127.0.0.43 spycop.com
>> O1 - Hosts: 127.0.0.44 spyguard.com
>> O1 - Hosts: 127.0.0.45 spykiller.com
>> O1 - Hosts: 127.0.0.46 spyware.co.uk
>> O1 - Hosts: 127.0.0.47 spyware-cop.com
>> O1 - Hosts: 127.0.0.48 spywareinfo.com
>> O1 - Hosts: 127.0.0.49 spywarenuker.com
>> O1 - Hosts: 127.0.0.50 spywareremove.com
>> O1 - Hosts: 127.0.0.51 spywareremove.com
>> O1 - Hosts: 127.0.0.52 stopzillapro.com
>> O1 - Hosts: 127.0.0.53 sunbelt-software.com
>> O1 - Hosts: 127.0.0.54 thiefware.com
>> O1 - Hosts: 127.0.0.55 tomcoyote.org
>> O1 - Hosts: 127.0.0.56 unwantedlinks.com
>> O1 - Hosts: 127.0.0.57 webattack.com
>> O1 - Hosts: 127.0.0.58 wilders.org
>> O1 - Hosts: 127.0.0.59 www.auditmypc.com
>> O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
>> O1 - Hosts: 127.0.0.61 www.cexx.org
>> O1 - Hosts: 127.0.0.62 www.computercops.us
>> O1 - Hosts: 127.0.0.63 www.ct7support.com
>> O1 - Hosts: 127.0.0.64 www.doxdesk.com
>> O1 - Hosts: 127.0.0.65 www.eblocs.com
>> O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
>> O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
>> O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
>> O1 - Hosts: 127.0.0.69 www.grc.com
>> O1 - Hosts: 127.0.0.70 www.grisoft.com
>> O1 - Hosts: 127.0.0.71 www.hackfaq.org
>> O1 - Hosts: 127.0.0.72 www.hazeleger.net
>> O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
>> O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
>> O1 - Hosts: 127.0.0.75 www.kephyr.com
>> O1 - Hosts: 127.0.0.78 www.lurkhere.com
>> O1 - Hosts: 127.0.0.79 www.majorgeeks.com
>> O1 - Hosts: 127.0.0.80 www.merijn.org
>> O1 - Hosts: 127.0.0.81 www.mjc1.com
>> O1 - Hosts: 127.0.0.82 www.moosoft.com
>> O1 - Hosts: 127.0.0.83 www.mvps.org
>> O1 - Hosts: 127.0.0.84 www.net-integration.net
>> O1 - Hosts: 127.0.0.85 www.noadware.net
>> O1 - Hosts: 127.0.0.86 www.no-spybot.com
>> O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
>> O1 - Hosts: 127.0.0.88 www.pchell.com
>> O1 - Hosts: 127.0.0.89 www.pestpatrol.com
>> O1 - Hosts: 127.0.0.90 www.safer-networking.org
>> O1 - Hosts: 127.0.0.91 www.secureie.com
>> O1 - Hosts: 127.0.0.92 www.security.kolla.de
>> O1 - Hosts: 127.0.0.93 www.spybot.info
>> O1 - Hosts: 127.0.0.94 www.spychecker.com
>> O1 - Hosts: 127.0.0.95 www.spychecker.com
>> O1 - Hosts: 127.0.0.96 www.spycop.com
>> O1 - Hosts: 127.0.0.97 www.spyguard.com
>> O1 - Hosts: 127.0.0.98 www.spykiller.com
>> O1 - Hosts: 127.0.0.99 www.spyware.co.uk
>> O2 - BHO: AcroIEHlprObj Class -
>> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
>> Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>> C:\PROGRA~ 1\SPYBOT~1\SDHelper.dll
>> O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
>> file)
>> O2 - BHO: CNisExtBho Class -
>> {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C: \Program Files\Common
>> Files\Symantec Shared\AdBlocking\NISShExt.dll
>> O2 - BHO: Google Toolbar Helper -
>> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
>> files\google\googletoolbar1.dll
>> O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872}
>> - C: \Program Files\Norton Internet Security\Norton
>> AntiVirus\NavShExt.dll
>> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
>> file)
>> O3 - Toolbar: Web assistant -
>> {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C: \Program Files\Common
>> Files\Symantec Shared\AdBlocking\NISShExt.dll
>> O3 - Toolbar: Norton AntiVirus -
>> {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
>> Internet Security\Norton AntiVirus\NavShExt.dll
>> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c: \program
>> files\google\googletoolbar1.dll
>> O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
>> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
>> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
>> Experience \PCMService.exe"
>> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
>> \qttask.exe" -atboottime
>> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
>> Shared \ccApp.exe"
>> O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
>> Security\UrlLstCk.exe
>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real
>> \Update_OB\realsched.exe" -osboot
>> O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
>> \SNDMon.exe /Consumer
>> O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox \mmtask.exe
>> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
>> Files\Java\jre1.5.0_02 \bin\jusched.exe
>> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger
>> \msmsgs.exe" /background
>> O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
>> \DSAgnt.exe" /startup
>> O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3
>> \InstallStub.exe -a
>> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot -
>> Search & Destroy\TeaTimer.exe
>> O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program
>> Files\ScanSoft \NaturallySpeaking\Program\natspeak.exe
>> O4 - Global Startup: Microsoft Office.lnk = C:\Program
>> Files\Microsoft Office\Office\OSA9.EXE
>> O8 - Extra context menu item: &Google Search - res://c:\program files
>> \google\GoogleToolbar1.dll/cmsearch.html
>> O8 - Extra context menu item: Backward Links - res://c:\program files
>> \google\GoogleToolbar1.dll/cmbacklinks.html
>> O8 - Extra context menu item: Cached Snapshot of Page -
>> res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
>> O8 - Extra context menu item: Similar Pages - res://c:\program files
>> \google\GoogleToolbar1.dll/cmsimilar.html
>> O8 - Extra context menu item: Translate into English -
>> res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
>> O9 - Extra button: (no name) -
>> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
>> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
>> O9 - Extra 'Tools' menuitem: Sun Java Console -
>> {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program
>> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
>> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
>> - C: \WINDOWS\System32\Shdocvw.dll
>> O9 - Extra button: Messenger -
>> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
>> Files\Messenger\msmsgs.exe
>> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
>> BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
>> O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins
>> \NPBelv32.dll
>> O15 - Trusted Zone: *.musicmatch.com
>> O15 - Trusted Zone: *.musicmatch.com (HKLM)
>> O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class)
>> - https://www.plaxo.com/down/latest/PlaxoInstall.cab
>> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
>> Advantage Validation Tool) -
>> http://go.microsoft.com/fwlink/?linkid=39204
>> O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
>> O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
>> scanner) -
>> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
>> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter
>> Class) -
>> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
>> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
>> Utility Class) -
>> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
>> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
>> Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
>> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
>> Class) -
>> https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
>> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
>> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccEvtMgr.exe
>> O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccProxy.exe
>> O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccPwdSvc.exe
>> O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccSetMgr.exe
>> O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
>> Symantec Corporation - C:\Program
>> Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
>> O23 - Service: SAVScan - Symantec Corporation - C:\Program
>> Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
>> O23 - Service: ScriptBlocking Service (SBService) - Symantec
>> Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
>> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\SNDSrvc.exe
>> O23 - Service: SymWMI Service (SymWSC) - Symantec
>> Corporation - C: \Program Files\Common Files\Symantec
>> Shared\Security Center\SymWSC.exe

>
>
>
> Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries
> They are blocking you going to antivirus and antispyware sites
> (amongst others)
> for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping
> you getting the Spybot updates.


safer.networking IS Spybot Search and Destroy.

Isearch is:
http://www.google.com/search?hl=en&lr=&q=1C78AB3F-A857-482E-80C0-3A1E5238A565&btnG=Search



>
> Once you have removed these entries reboot into safe mode and do your
> antivirus and antispyware scans.
>
> Cheers
> Paul.


--

Their ethics are a short summary of police ordinances: for them the
most important thing is to be a useful member of the state, and to air
their opinions in the club of an evening; they have never felt the
homesickness for something unknown and far away, nor the depths which
consists in being nothing at all. ___________Soren Kierkegaard

Ellis_jay


 
 
samuel
Guest
Posts: n/a
 
      09-05-2005
"ellis_jay" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):

> safer.networking IS Spybot Search and Destroy.


> Isearch is:
> http://www.google.com/search?hl=en&l...-A857-482E-80C
> 0-3A1E5238A565&btnG=Search



You had to post 300 lines just for the above?
 
 
PC
Guest
Posts: n/a
 
      09-05-2005
"ellis_jay" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...

big snip
>>
>> Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries
>> They are blocking you going to antivirus and antispyware sites
>> (amongst others)
>> for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping
>> you getting the Spybot updates.

>
> safer.networking IS Spybot Search and Destroy.


snip

Kinda thought that was obvious from my reply!
Paul



 
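The hosts-file check Paul describes in this thread (entries that keep the machine from reaching antivirus and antispyware sites), as an added example that is not part of any post: it reads the `O1 - Hosts` lines of a HijackThis log and flags a remapped localhost and any override of a security site. The watchlist, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the thread's log format, ">>" quote markers included.
SAMPLE_LOG = """>> O1 - Hosts: 127.0.0.0 localhost
>> O1 - Hosts: 127.0.0.36 safer-networking.org
>> O1 - Hosts: 127.0.0.39 security.kolla.de
>> O1 - Hosts: 127.0.0.90 www.safer-networking.org
>> O1 - Hosts: 127.0.0.1 ads.example.test
>> O15 - Trusted Zone: *.musicmatch.com
"""

# Assumption: a small watchlist built from sites the thread names as blocked.
SECURITY_SITES = {"safer-networking.org", "security.kolla.de",
                  "spywareinfo.com", "spybot.info"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
O1_RE = re.compile(r"^[>\s]*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

def parse_o1(log_text):
    """Yield (ip, hostname) for each well-formed O1 line; skip the rest."""
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an address, e.g. a wrapped or damaged line
        yield ip, m.group(2).lower().rstrip(".")

def review_hosts(log_text):
    """Return (hostname, ip, verdict) for every entry worth a second look."""
    findings = []
    for ip, name in parse_o1(log_text):
        base = name[4:] if name.startswith("www.") else name
        if name in LOCAL_NAMES:
            if str(ip) not in ("127.0.0.1", "::1"):
                findings.append((name, str(ip), "localhost remapped"))
        elif base in SECURITY_SITES:
            # Any hosts entry for a security vendor overrides DNS for it.
            findings.append((name, str(ip), "security site overridden"))
        elif not ip.is_loopback:
            findings.append((name, str(ip), "redirected to another host"))
        # Other names pointed at loopback are typical ad-blocking entries.
    return findings

if __name__ == "__main__":
    for name, ip, verdict in review_hosts(SAMPLE_LOG):
        print(f"{verdict:28} {ip:12} {name}")
```

Entries that only point an unrelated name at loopback are left unflagged, because ad-blocking hosts files do the same thing legitimately.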
 
 
 