Kevin Garrett
Guest
Posts: n/a
|
I believe my girlfriend's computer got hijacked. She has run ad-aware and attempted to run spybot 1.4. Spybot would not update the definitions but I was able to do it manually. Still she is blocked from certain sites including security.kolla.de, www.safer-networking.org, and www.spywareinfo.com as well as others. The system is a Dell Dimension 2400 running XP SP2.

Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret the log.

Thanks, Kevin

Logfile of HijackThis v1.99.1
Scan saved at 6:38:47 PM, on 9/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Donna\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe -a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
pcbutts1
Guest
Posts: n/a
|
Man they got her good. Have hijackthis fix the following lines by placing a check mark in each box and clicking on fix checked.

O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

Once done then Download, install, update and run all of the following.
Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe
Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe
Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe
Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/d...displaylang=en

--
The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards. See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
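
An added example, not part of the thread and not HijackThis's own code: a Python triage pass over a HijackThis log that flags the same three kinds of entry the reply above selects (O1 Hosts mappings, O2/O3 registrations marked "(no file)", and an O16 DPF entry whose codebase is a local file). The function names, reason labels and watch list are assumptions of this sketch; the sample lines are copied from the log in the first post, flattened onto one line the way a forum gateway leaves them.

```python
import ipaddress
import re

# Section codes HijackThis puts in front of each entry, e.g. "R0 - ", "O1 - ", "O23 - ".
CODE = r"(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2})"
SPLIT = re.compile(r"\s+(?=" + CODE + r" - )")
ENTRY = re.compile(r"^(" + CODE + r") - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")
DPF = re.compile(r"^DPF:\s+(\{[0-9A-Fa-f-]+\}).* - (\S+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]+\}")


def split_entries(text):
    """Return (code, body) pairs whether the log kept its line breaks, was
    wrapped mid-entry, or was flattened onto a single line."""
    entries = []
    for chunk in SPLIT.split(text):
        m = ENTRY.match(" ".join(chunk.split()))  # undo wrapping inside an entry
        if m:                                     # header and process list are skipped
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text, security_sites=()):
    """Return (reason, detail) leads. A loopback mapping alone is also how
    ad-blocking hosts files work, so names on the analyst's watch list of
    security sites are reported under a separate, stronger reason."""
    watch = {s.lower() for s in security_sites}
    findings = []
    for code, body in split_entries(text):
        if code == "O1":
            m = HOSTS.match(body)
            if not m:
                continue
            addr, name = m.group(1), m.group(2).lower()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("hosts-unparsable-address", name))
                continue
            if name == "localhost":
                if addr not in ("127.0.0.1", "::1"):
                    findings.append(("localhost-remapped", addr))
            elif ip.is_loopback:  # anywhere in 127.0.0.0/8, or ::1
                bare = name[4:] if name.startswith("www.") else name
                reason = ("security-site-blocked" if bare in watch
                          else "name-sent-to-loopback")
                findings.append((reason, name))
            else:
                findings.append(("name-redirected", name + " -> " + addr))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            m = CLSID.search(body)
            findings.append(("registration-without-file", m.group(0) if m else body))
        elif code == "O16":
            m = DPF.match(body)
            if m and m.group(2).lower().startswith("file:"):
                findings.append(("dpf-local-codebase", m.group(1)))
    return findings


# Lines copied from the log in the first post, joined onto one line.
SAMPLE = (
    r"Logfile of HijackThis v1.99.1 Running processes: C:\WINDOWS\Explorer.EXE "
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/ "
    r"O1 - Hosts: 127.0.0.0 localhost "
    r"O1 - Hosts: 127.0.0.36 safer-networking.org "
    r"O1 - Hosts: 127.0.0.69 www.grc.com "
    r"O1 - Hosts: 127.0.0.92 www.security.kolla.de "
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    r"C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll "
    r"O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) "
    r"O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab "
    r"O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - "
    r"https://www.plaxo.com/down/latest/PlaxoInstall.cab"
)

# Watch list: the three sites the first post says are unreachable.
WATCH = ("security.kolla.de", "safer-networking.org", "spywareinfo.com")

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE, WATCH):
        print(reason, detail)
```

The findings are leads for review, not verdicts: the Acrobat BHO and the Plaxo DPF entry pass through untouched, while the remapped `localhost` line and the watch-listed names are surfaced first.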
|
PC
Guest
Posts: n/a
|
"Kevin Garrett" <> wrote in message
news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
> I believe my girlfriend's computer got hijacked. She has run ad-aware and
> attempted to run spybot 1.4. Spybot would not update the definitions but
> I was able to do it manually. Still she is blocked from certain sites
> including security.kolla.de, www.safer-networking.org, and
> www.spywareinfo.com as well as others. The system is a Dell Dimension
> 2400 running XP SP2.
>
> Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
> the log.
>
> Thanks, Kevin
\SNDMon.exe /Consumer > O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox > \mmtask.exe > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02 > \bin\jusched.exe > O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger > \msmsgs.exe" /background > O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support > \DSAgnt.exe" /startup > O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3 > \InstallStub.exe -a > O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & > Destroy\TeaTimer.exe > O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft > \NaturallySpeaking\Program\natspeak.exe > O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft > Office\Office\OSA9.EXE > O8 - Extra context menu item: &Google Search - res://c:\program files > \google\GoogleToolbar1.dll/cmsearch.html > O8 - Extra context menu item: Backward Links - res://c:\program files > \google\GoogleToolbar1.dll/cmbacklinks.html > O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program > files\google\GoogleToolbar1.dll/cmcache.html > O8 - Extra context menu item: Similar Pages - res://c:\program files > \google\GoogleToolbar1.dll/cmsimilar.html > O8 - Extra context menu item: Translate into English - res://c:\program > files\google\GoogleToolbar1.dll/cmtrans.html > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - > C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll > O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- > 00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll > O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C: > \WINDOWS\System32\Shdocvw.dll > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - > C:\Program Files\Messenger\msmsgs.exe > O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2- > BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe > O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins > \NPBelv32.dll > O15 - Trusted Zone: *.musicmatch.com > O15 - Trusted Zone: *.musicmatch.com (HKLM) > O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - > https://www.plaxo.com/down/latest/PlaxoInstall.cab > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine > Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 > O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab > O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus > scanner) - > http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab > O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - > http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab > O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility > Class) - > http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab > O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) > - https://www-secure.symantec.com/techsupp/asa/SymAData.cab > O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - > https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab > O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll > O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe > O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - > C:\Program Files\Common Files\Symantec Shared\ccProxy.exe > O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec > Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe > O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec > Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe > O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - > Symantec Corporation - 
C:\Program Files\Norton Internet Security\Norton > AntiVirus\navapsvc.exe > O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton > Internet Security\Norton AntiVirus\SAVScan.exe > O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation > - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec > Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe > O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: > \Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries They are blocking you going to antivirus and antispyware sites (amongst others) for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping you getting the Spybot updates. Once you have removed these entries reboot into safe mode and do your antivirus and antispyware scans. Cheers Paul. |
pcbutts1
Guest
Posts: n/a
|
Man they got her good. Have hijackthis fix the following lines by placing a
check mark in each box and clicking on fix checked.

O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.2 auditmypc.com
O1 - Hosts: 127.0.0.4 bulletproofsoft.net
O1 - Hosts: 127.0.0.5 camtech2000.net
O1 - Hosts: 127.0.0.6 cexx.org
O1 - Hosts: 127.0.0.7 computercops.us
O1 - Hosts: 127.0.0.8 ct7support.com
O1 - Hosts: 127.0.0.9 doxdesk.com
O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
O1 - Hosts: 127.0.0.21 kephyr.com
O1 - Hosts: 127.0.0.24 lurkhere.com
O1 - Hosts: 127.0.0.25 majorgeeks.com
O1 - Hosts: 127.0.0.26 merijn.org
O1 - Hosts: 127.0.0.27 mjc1.com
O1 - Hosts: 127.0.0.28 moosoft.com
O1 - Hosts: 127.0.0.29 mvps.org
O1 - Hosts: 127.0.0.30 net-integration.net
O1 - Hosts: 127.0.0.31 noadware.net
O1 - Hosts: 127.0.0.32 no-spybot.com
O1 - Hosts: 127.0.0.33 onlinepcfix.com
O1 - Hosts: 127.0.0.34 pchell.com
O1 - Hosts: 127.0.0.35 pestpatrol.com
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.37 secure.spykiller.com
O1 - Hosts: 127.0.0.38 secureie.com
O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.40 spybot.info
O1 - Hosts: 127.0.0.41 spychecker.com
O1 - Hosts: 127.0.0.42 spychecker.com
O1 - Hosts: 127.0.0.43 spycop.com
O1 - Hosts: 127.0.0.44 spyguard.com
O1 - Hosts: 127.0.0.45 spykiller.com
O1 - Hosts: 127.0.0.46 spyware.co.uk
O1 - Hosts: 127.0.0.47 spyware-cop.com
O1 - Hosts: 127.0.0.48 spywareinfo.com
O1 - Hosts: 127.0.0.49 spywarenuker.com
O1 - Hosts: 127.0.0.50 spywareremove.com
O1 - Hosts: 127.0.0.51 spywareremove.com
O1 - Hosts: 127.0.0.52 stopzillapro.com
O1 - Hosts: 127.0.0.53 sunbelt-software.com
O1 - Hosts: 127.0.0.54 thiefware.com
O1 - Hosts: 127.0.0.55 tomcoyote.org
O1 - Hosts: 127.0.0.56 unwantedlinks.com
O1 - Hosts: 127.0.0.57 webattack.com
O1 - Hosts: 127.0.0.58 wilders.org
O1 - Hosts: 127.0.0.59 www.auditmypc.com
O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
O1 - Hosts: 127.0.0.61 www.cexx.org
O1 - Hosts: 127.0.0.62 www.computercops.us
O1 - Hosts: 127.0.0.63 www.ct7support.com
O1 - Hosts: 127.0.0.64 www.doxdesk.com
O1 - Hosts: 127.0.0.65 www.eblocs.com
O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
O1 - Hosts: 127.0.0.69 www.grc.com
O1 - Hosts: 127.0.0.70 www.grisoft.com
O1 - Hosts: 127.0.0.71 www.hackfaq.org
O1 - Hosts: 127.0.0.72 www.hazeleger.net
O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
O1 - Hosts: 127.0.0.75 www.kephyr.com
O1 - Hosts: 127.0.0.78 www.lurkhere.com
O1 - Hosts: 127.0.0.79 www.majorgeeks.com
O1 - Hosts: 127.0.0.80 www.merijn.org
O1 - Hosts: 127.0.0.81 www.mjc1.com
O1 - Hosts: 127.0.0.82 www.moosoft.com
O1 - Hosts: 127.0.0.83 www.mvps.org
O1 - Hosts: 127.0.0.84 www.net-integration.net
O1 - Hosts: 127.0.0.85 www.noadware.net
O1 - Hosts: 127.0.0.86 www.no-spybot.com
O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
O1 - Hosts: 127.0.0.88 www.pchell.com
O1 - Hosts: 127.0.0.89 www.pestpatrol.com
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 127.0.0.91 www.secureie.com
O1 - Hosts: 127.0.0.92 www.security.kolla.de
O1 - Hosts: 127.0.0.93 www.spybot.info
O1 - Hosts: 127.0.0.94 www.spychecker.com
O1 - Hosts: 127.0.0.95 www.spychecker.com
O1 - Hosts: 127.0.0.96 www.spycop.com
O1 - Hosts: 127.0.0.97 www.spyguard.com
O1 - Hosts: 127.0.0.98 www.spykiller.com
O1 - Hosts: 127.0.0.99 www.spyware.co.uk
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

Once done then Download, install, update and run all of the following.
Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe
Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe
Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe
Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/d...displaylang=en

--
The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards. See it all at
http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
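The checks the two replies above apply by eye (hosts entries that pin security sites to loopback addresses, BHOs with no file behind them, a DPF installed from a file:// path), written out as an added example that is not part of the thread. The sample lines are copied from the log posted above, unwrapped; the function names and the triage rules are this example's own assumptions, not HijackThis features.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log in this thread
# (unwrapped), plus two entries nobody in the thread flagged, for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.36 safer-networking.org
> O1 - Hosts: 127.0.0.92 www.security.kolla.de
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<name>\S+)$")


def check_hosts(body):
    """O1: flag any hosts entry other than the stock '127.0.0.1 localhost'."""
    m = HOSTS_RE.match(body)
    if not m:
        return None
    name = m["name"].lower()
    try:
        addr = ipaddress.ip_address(m["addr"])
    except ValueError:
        return f"{name} has an unparsable address ({m['addr']})"
    if name == "localhost":
        if str(addr) == "127.0.0.1":
            return None
        return f"localhost mapped to {addr} instead of 127.0.0.1"
    if addr.is_loopback:
        # Anything in 127.0.0.0/8 resolves to this machine, so the browser
        # and the scanner's updater never reach the real site.
        return f"{name} pinned to loopback {addr}; the site is unreachable"
    return f"{name} pinned to {addr}; confirm the override is intended"


def check_bho(body):
    """O2: a Browser Helper Object whose DLL HijackThis could not find."""
    if body.startswith("BHO:") and body.endswith("(no file)"):
        return "BHO is registered but no file was found behind it"
    return None


def check_dpf(body):
    """O16: an ActiveX download entry whose source is a local path."""
    source = body.rsplit(" - ", 1)[-1]
    if body.startswith("DPF:") and source.lower().startswith("file://"):
        return f"ActiveX control installed from a local path ({source})"
    return None


CHECKS = {"O1": check_hosts, "O2": check_bho, "O16": check_dpf}


def triage(log_text):
    """Return (line, reason) for every log line that one of the checks flags."""
    findings = []
    for raw in log_text.splitlines():
        # Logs pasted into replies carry '>' quote markers; strip them first.
        line = re.sub(r"^[>\s]+", "", raw).rstrip()
        m = ENTRY_RE.match(line)
        if not m or m["code"] not in CHECKS:
            continue
        reason = CHECKS[m["code"]](m["body"])
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{line}\n    -> {reason}")
```
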
ellis_jay
Guest
Posts: n/a
|
PC wrote:
> "Kevin Garrett" <> wrote in message > news:Xns96C4C15CC5133kevingarrettcomcastn@204.153. 244.156... >> I beleive my girlfriends computer got hijacked. She has run >> ad-aware and attempted to run spybot 1.4. Spybot would not update >> the definitions but I was able to do it manually. Still she is >> blocked from certain sites including security.kolla.de, >> www.safer-networking.org, and www.spywareinfo.com as well as others. >> The system is a Dell Dimension 2400 running XP SP2. >> >> Anyway, we downloaded and ran Hijackthis. Hoping someone can >> interpret the log. Thanks, Kevin >> >> Logfile of HijackThis v1.99.1 >> Scan saved at 6:38:47 PM, on 9/1/2005 >> Platform: Windows XP SP2 (WinNT 5.01.2600) >> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) >> >> Running processes: >> C:\WINDOWS\System32\smss.exe >> C:\WINDOWS\system32\winlogon.exe >> C:\WINDOWS\system32\services.exe >> C:\WINDOWS\system32\lsass.exe >> C:\WINDOWS\system32\svchost.exe >> C:\WINDOWS\System32\svchost.exe >> C:\WINDOWS\system32\spoolsv.exe >> C:\WINDOWS\Explorer.EXE >> C:\Program Files\Common Files\Symantec Shared\ccProxy.exe >> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe >> C:\Program Files\Norton Internet Security\Norton >> AntiVirus\navapsvc.exe C:\Program Files\Norton Internet >> Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common >> Files\Symantec Shared\SNDSrvc.exe >> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe >> C:\Program Files\Common Files\Symantec Shared\Security >> Center\SymWSC.exe C:\WINDOWS\system32\hkcmd.exe >> C:\Program Files\Dell\Media Experience\PCMService.exe >> C:\Program Files\Common Files\Symantec Shared\ccApp.exe >> C:\Program Files\Internet Explorer\iexplore.exe >> C:\Program Files\Common Files\Real\Update_OB\realsched.exe >> C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe >> C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe >> C:\Program Files\Messenger\msmsgs.exe >> C:\Program Files\Dell Support\DSAgnt.exe >> 
C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe >> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe >> C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak. exe >> C:\PROGRA~1\WINZIP\winzip32.exe >> C:\Documents and Settings\Donna\My Documents\Unzipped\hijackthis >> \HijackThis.exe >> >> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL >> = http://www.dell4me.com/myway >> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = >> http://news.google.com/ >> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL >> = http://www.dell4me.com/myway >> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = >> http://news.google.com/ >> O1 - Hosts: 127.0.0.0 localhost >> O1 - Hosts: 127.0.0.2 auditmypc.com >> O1 - Hosts: 127.0.0.4 bulletproofsoft.net >> O1 - Hosts: 127.0.0.5 camtech2000.net >> O1 - Hosts: 127.0.0.6 cexx.org >> O1 - Hosts: 127.0.0.7 computercops.us >> O1 - Hosts: 127.0.0.8 ct7support.com >> O1 - Hosts: 127.0.0.9 doxdesk.com >> O1 - Hosts: 127.0.0.20 kellys-korner-xp.com >> O1 - Hosts: 127.0.0.21 kephyr.com >> O1 - Hosts: 127.0.0.24 lurkhere.com >> O1 - Hosts: 127.0.0.25 majorgeeks.com >> O1 - Hosts: 127.0.0.26 merijn.org >> O1 - Hosts: 127.0.0.27 mjc1.com >> O1 - Hosts: 127.0.0.28 moosoft.com >> O1 - Hosts: 127.0.0.29 mvps.org >> O1 - Hosts: 127.0.0.30 net-integration.net >> O1 - Hosts: 127.0.0.31 noadware.net >> O1 - Hosts: 127.0.0.32 no-spybot.com >> O1 - Hosts: 127.0.0.33 onlinepcfix.com >> O1 - Hosts: 127.0.0.34 pchell.com >> O1 - Hosts: 127.0.0.35 pestpatrol.com >> O1 - Hosts: 127.0.0.36 safer-networking.org >> O1 - Hosts: 127.0.0.37 secure.spykiller.com >> O1 - Hosts: 127.0.0.38 secureie.com >> O1 - Hosts: 127.0.0.39 security.kolla.de >> O1 - Hosts: 127.0.0.40 spybot.info >> O1 - Hosts: 127.0.0.41 spychecker.com >> O1 - Hosts: 127.0.0.42 spychecker.com >> O1 - Hosts: 127.0.0.43 spycop.com >> O1 - Hosts: 127.0.0.44 spyguard.com >> O1 - Hosts: 127.0.0.45 spykiller.com >> O1 - Hosts: 
127.0.0.46 spyware.co.uk
>> O1 - Hosts: 127.0.0.47 spyware-cop.com
>> O1 - Hosts: 127.0.0.48 spywareinfo.com
>> O1 - Hosts: 127.0.0.49 spywarenuker.com
>> O1 - Hosts: 127.0.0.50 spywareremove.com
>> O1 - Hosts: 127.0.0.51 spywareremove.com
>> O1 - Hosts: 127.0.0.52 stopzillapro.com
>> O1 - Hosts: 127.0.0.53 sunbelt-software.com
>> O1 - Hosts: 127.0.0.54 thiefware.com
>> O1 - Hosts: 127.0.0.55 tomcoyote.org
>> O1 - Hosts: 127.0.0.56 unwantedlinks.com
>> O1 - Hosts: 127.0.0.57 webattack.com
>> O1 - Hosts: 127.0.0.58 wilders.org
>> O1 - Hosts: 127.0.0.59 www.auditmypc.com
>> O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
>> O1 - Hosts: 127.0.0.61 www.cexx.org
>> O1 - Hosts: 127.0.0.62 www.computercops.us
>> O1 - Hosts: 127.0.0.63 www.ct7support.com
>> O1 - Hosts: 127.0.0.64 www.doxdesk.com
>> O1 - Hosts: 127.0.0.65 www.eblocs.com
>> O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
>> O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
>> O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
>> O1 - Hosts: 127.0.0.69 www.grc.com
>> O1 - Hosts: 127.0.0.70 www.grisoft.com
>> O1 - Hosts: 127.0.0.71 www.hackfaq.org
>> O1 - Hosts: 127.0.0.72 www.hazeleger.net
>> O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
>> O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
>> O1 - Hosts: 127.0.0.75 www.kephyr.com
>> O1 - Hosts: 127.0.0.78 www.lurkhere.com
>> O1 - Hosts: 127.0.0.79 www.majorgeeks.com
>> O1 - Hosts: 127.0.0.80 www.merijn.org
>> O1 - Hosts: 127.0.0.81 www.mjc1.com
>> O1 - Hosts: 127.0.0.82 www.moosoft.com
>> O1 - Hosts: 127.0.0.83 www.mvps.org
>> O1 - Hosts: 127.0.0.84 www.net-integration.net
>> O1 - Hosts: 127.0.0.85 www.noadware.net
>> O1 - Hosts: 127.0.0.86 www.no-spybot.com
>> O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
>> O1 - Hosts: 127.0.0.88 www.pchell.com
>> O1 - Hosts: 127.0.0.89 www.pestpatrol.com
>> O1 - Hosts: 127.0.0.90 www.safer-networking.org
>> O1 - Hosts: 127.0.0.91 www.secureie.com
>> O1 - Hosts: 127.0.0.92 www.security.kolla.de
>> O1 - Hosts: 127.0.0.93 www.spybot.info
>> O1 - Hosts: 127.0.0.94 www.spychecker.com
>> O1 - Hosts: 127.0.0.95 www.spychecker.com
>> O1 - Hosts: 127.0.0.96 www.spycop.com
>> O1 - Hosts: 127.0.0.97 www.spyguard.com
>> O1 - Hosts: 127.0.0.98 www.spykiller.com
>> O1 - Hosts: 127.0.0.99 www.spyware.co.uk
>> O2 - BHO: AcroIEHlprObj Class -
>> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
>> Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
>> C:\PROGRA~ 1\SPYBOT~1\SDHelper.dll
>> O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no
>> file) O2 - BHO: CNisExtBho Class -
>> {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C: \Program Files\Common
>> Files\Symantec Shared\AdBlocking\NISShExt.dll
>> O2 - BHO: Google Toolbar Helper -
>> {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
>> files\google\googletoolbar1.dll
>> O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872}
>> - C: \Program Files\Norton Internet Security\Norton
>> AntiVirus\NavShExt.dll
>> O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no
>> file) O3 - Toolbar: Web assistant -
>> {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C: \Program Files\Common
>> Files\Symantec Shared\AdBlocking\NISShExt.dll
>> O3 - Toolbar: Norton AntiVirus -
>> {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
>> Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar:
>> &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c: \program
>> files\google\googletoolbar1.dll
>> O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
>> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
>> O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media
>> Experience \PCMService.exe"
>> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
>> \qttask.exe" -atboottime
>> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
>> Shared \ccApp.exe"
>> O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
>> Security\UrlLstCk.exe
>> O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real
>> \Update_OB\realsched.exe" -osboot
>> O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
>> \SNDMon.exe /Consumer
>> O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
>> Jukebox \mmtask.exe
>> O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
>> Files\Java\jre1.5.0_02 \bin\jusched.exe
>> O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger
>> \msmsgs.exe" /background
>> O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
>> \DSAgnt.exe" /startup
>> O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3
>> \InstallStub.exe -a
>> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot -
>> Search & Destroy\TeaTimer.exe
>> O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program
>> Files\ScanSoft \NaturallySpeaking\Program\natspeak.exe
>> O4 - Global Startup: Microsoft Office.lnk = C:\Program
>> Files\Microsoft Office\Office\OSA9.EXE
>> O8 - Extra context menu item: &Google Search - res://c:\program files
>> \google\GoogleToolbar1.dll/cmsearch.html
>> O8 - Extra context menu item: Backward Links - res://c:\program files
>> \google\GoogleToolbar1.dll/cmbacklinks.html
>> O8 - Extra context menu item: Cached Snapshot of Page -
>> res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
>> O8 - Extra context menu item: Similar Pages - res://c:\program files
>> \google\GoogleToolbar1.dll/cmsimilar.html
>> O8 - Extra context menu item: Translate into English -
>> res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
>> O9 - Extra button: (no name) -
>> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
>> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
>> O9 - Extra 'Tools' menuitem: Sun Java Console -
>> {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\Program
>> Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
>> O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
>> - C: \WINDOWS\System32\Shdocvw.dll
>> O9 - Extra button: Messenger -
>> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
>> Files\Messenger\msmsgs.exe
>> O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
>> BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
>> O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins
>> \NPBelv32.dll
>> O15 - Trusted Zone: *.musicmatch.com
>> O15 - Trusted Zone: *.musicmatch.com (HKLM)
>> O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class)
>> - https://www.plaxo.com/down/latest/PlaxoInstall.cab
>> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
>> Advantage Validation Tool) -
>> http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF:
>> {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab O16 -
>> DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
>> scanner) -
>> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
>> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter
>> Class) -
>> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
>> O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
>> Utility Class) -
>> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
>> O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo
>> Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
>> O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj
>> Class) -
>> https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
>> O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
>> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccEvtMgr.exe
>> O23 - Service: Symantec Network Proxy (ccProxy) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccProxy.exe
>> O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager
>> (ccSetMgr) - Symantec Corporation - C:\Program Files\Common
>> Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus
>> Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program
>> Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
>> O23 - Service: SAVScan - Symantec Corporation - C:\Program
>> Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
>> O23 - Service: ScriptBlocking Service (SBService) - Symantec
>> Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
>> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
>> Corporation - C:\Program Files\Common Files\Symantec
>> Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec
>> Corporation - C: \Program Files\Common Files\Symantec
>> Shared\Security Center\SymWSC.exe
>
>
>
> Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries
> They are blocking you going to antivirus and antispyware sites
> (amongst others)
> for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping
> you getting the Spybot updates.

safer.networking IS Spybot Search and Destroy.
Isearch is:
http://www.google.com/search?hl=en&lr=&q=1C78AB3F-A857-482E-80C0-3A1E5238A565&btnG=Search

>
> Once you have removed these entries reboot into safe mode and do your
> antivirus and antispyware scans.
>
> Cheers
> Paul.

--
Their ethics are a short summary of police ordinances: for them the most important thing is to be a useful member of the state, and to air their opinions in the club of an evening; they have never felt the homesickness for something unknown and far away, nor the depths which consists in being nothing at all.
___________Soren Kierkegaard

Ellis_jay
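The check Paul describes in the quoted reply (O1 hosts entries pinning security sites to loopback addresses), written as a small detector. This is an added example, not part of the original thread: the sample log reuses three O1 lines from the posted log alongside constructed `localhost` and `192.0.2.10` lines, and the localhost allowlist is an assumption.

```python
import ipaddress
import re

# One HijackThis "O1 - Hosts:" entry. Tolerates ">>" quote markers and several
# entries run together or wrapped across lines, as in the quoted log.
O1_ENTRY = re.compile(r"O1 - Hosts:\s+(\S+)\s+(?:>+\s+)*(\S+)")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}  # assumed allowlist

# Sample input: three O1 lines from the posted log; the localhost and
# 192.0.2.10 lines are constructed for contrast.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
>> O1 - Hosts: 127.0.0.48 spywareinfo.com >> O1 - Hosts: 127.0.0.90 www.safer-networking.org
>> O1 - Hosts: 127.0.0.92 www.security.kolla.de
>> O1 - Hosts: 192.0.2.10 intranet.example
>> O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
"""


def loopback_redirects(log_text):
    """Return (ip, hostname) pairs where a real hostname is pinned to 127.0.0.0/8."""
    findings = []
    for ip_text, host in O1_ENTRY.findall(log_text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # not an address: malformed or badly wrapped entry
        if ip.is_loopback and host.lower() not in BENIGN_NAMES:
            findings.append((ip_text, host.lower()))
    return findings


def affected_sites(findings):
    """Collapse www./bare duplicates so each blocked site is listed once."""
    return sorted({h[4:] if h.startswith("www.") else h for _, h in findings})


if __name__ == "__main__":
    hits = loopback_redirects(SAMPLE_LOG)
    for ip_text, host in hits:
        print(f"hosts entry redirects {host} to loopback address {ip_text}")
    print("sites made unreachable:", ", ".join(affected_sites(hits)))
```

Any hostname other than localhost that resolves to 127.0.0.0/8 through the hosts file is worth reviewing; a whole block of security-vendor names, as in this log, matches the blocked-update symptom the original poster reported.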
samuel
Guest
Posts: n/a
"ellis_jay" <> wrote in
news:AYudnYAZp-99JobeRVn-:

> safer.networking IS Spybot Search and Destroy.
> Isearch is:
> http://www.google.com/search?hl=en&l...-A857-482E-80C
> 0-3A1E5238A565&btnG=Search

you had to post 300 lines just for the above ?