Velocity Reviews - Computer Hardware Reviews

Unable to block Pop-ups:Please resolve this Hijack Log

 
 
Thaqalainnaqvi@gmail.com
      05-30-2006
Logfile of HijackThis v1.99.1
Scan saved at 1:50:20 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Chris McGinty\Application
Data\sgrunt\IE4321.exe
C:\defender20.exe
C:\WINDOWS\system32\Isass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Isass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Documents and Settings\pc2\My
Documents\Submittals\COMPROB\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton
Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Chris
McGinty\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [Isass.exe] C:\WINDOWS\system32\Isass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Isass.exe] C:\WINDOWS\system32\Isass.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.powersoft.name
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AF0A52C3-594B-48BC-901D-75F2F7C3D832}:
NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program
Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program
Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Isass.exe - Unknown owner -
C:\WINDOWS\system32\Isass.exe

 
Evan Platt
      05-30-2006
On 30 May 2006 02:54:50 -0700, (E-Mail Removed) wrote:

>Logfile of HijackThis v1.99.1


Paste it into http://www.hijackthis.de/ .
--
To reply, remove TheObvious from my e-mail address.
 
pcbutts1
      05-30-2006
Have HJT fix the following lines by placing a check in the box next to each
line and clicking on the fix checked button on the bottom.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= about:blank
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Chris
McGinty\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [Isass.exe] C:\WINDOWS\system32\Isass.exe
O4 - HKCU\..\Run: [Isass.exe] C:\WINDOWS\system32\Isass.exe
O15 - Trusted Zone: www.powersoft.name
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Isass.exe - Unknown owner -
C:\WINDOWS\system32\Isass.exe

Download Killbox from here http://www.pcbutts1.com/downloads/killbox.zip
run it and copy and paste the line below into the box then click on the red
X to delete the file. Reboot.

C:\WINDOWS\system32\Isass.exe


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Logfile of HijackThis v1.99.1
> Scan saved at 1:50:20 PM, on 5/30/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



 
Thaqalainnaqvi@gmail.com
      05-31-2006
Logfile of HijackThis v1.99.1
Scan saved at 1:03:18 PM, on 5/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Chris McGinty\Application
Data\sgrunt\IE4321.exe
C:\defender20.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\pc2\My
Documents\Submittals\COMPROB\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton
Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Chris
McGinty\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program
Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN
Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search
& Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program
Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.powersoft.name
O16 - DPF: {71DA2A4E-ACB3-4065-9E41-8BC42EABE427} -
http://scripts.dlv4.com/binaries/IA/svcia32_EN_XP.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{AF0A52C3-594B-48BC-901D-75F2F7C3D832}:
NameServer = 195.3.96.67,195.3.96.68
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DF5Serv - Faronics Corporation - C:\Program
Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program
Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Isass.exe - Unknown owner -
C:\WINDOWS\system32\Isass.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc -
c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. -
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc -
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) -
McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

 
Trent SC
      05-31-2006
Copy & paste the log into the relevant section at www.hijackthis.de and
you'll get a detailed analysis online.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Logfile of HijackThis v1.99.1
> Scan saved at 1:03:18 PM, on 5/31/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



 
Thaqalainnaqvi@gmail.com
      05-31-2006
ArchiveData(auto-quarantine- 2006-05-31 13-58-52.bckp)
Referencefile : SE1R109 22.05.2006
======================================================

MRU LIST

obj[0]=MRU FileReference : C:\Documents and Settings\pc2\Application
Data\microsoft\office\recent\??????6-4 ?????1-5.LNK
obj[1]=MRU FileReference : C:\Documents and
Settings\pc2\recent\Desktop.ini
obj[3]=MRU RegReference :
S-1-5-21-484763869-115176313-839522115-1003\software\microsoft\office\11.0\common\open
find\microsoft office word\settings\open\file name mru value
obj[4]=MRU RegReference :
S-1-5-21-484763869-115176313-839522115-1003\software\microsoft\windows
media\wmsdk\general computername

ADWARE.DOLLARREVENUE

obj[4]=Process : C:\defender20.exe
obj[12]=RegValue : Software\Microsoft\Windows\CurrentVersion\Run
"defender"
obj[42]=Regkey : software\microsoft\downloadmanager
obj[44]=File : c:\\defender20.exe
obj[45]=File : C:\defender1.exe
obj[46]=File : C:\defender20.exe
obj[49]=File : C:\keyboard16.exe
obj[50]=File : C:\keyboard17.exe
obj[51]=File : C:\keyboard18.exe
obj[52]=File : C:\mousepad16.exe
obj[53]=File : C:\mousepad17.exe
obj[54]=File : C:\newname16.exe
obj[55]=File : C:\newname17.exe
obj[56]=File : C:\newname18.exe
obj[69]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117128.exe
obj[70]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117129.exe
obj[84]=File : C:\WINDOWS\defender1.exe
obj[85]=File : C:\WINDOWS\keyboard16.exe
obj[86]=File : C:\WINDOWS\keyboard17.exe
obj[87]=File : C:\WINDOWS\keyboard18.exe
obj[88]=File : C:\WINDOWS\mousepad16.exe
obj[89]=File : C:\WINDOWS\mousepad17.exe
obj[90]=File : C:\WINDOWS\newname16.exe
obj[91]=File : C:\WINDOWS\newname17.exe
obj[92]=File : C:\WINDOWS\newname18.exe

ZANGO

obj[5]=Regkey : interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1}
obj[6]=Regkey : interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31}
obj[7]=Regkey : interface\{e43dfaa6-8c16-4519-b022-8792408505a4}
obj[64]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP27\A0036811.exe
obj[67]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP27\A0037848.dll

WINDOWS

obj[8]=RegData :
S-1-5-21-484763869-115176313-839522115-1003\software\microsoft\windows\currentversion\policies\system
"DisableRegistryTools"
obj[10]=RegData : software\microsoft\windows nt\currentversion\winlogon
"Shell"

ABETTERINTERNET.NAIL

obj[9]=RegData : software\microsoft\windows nt\currentversion\winlogon
"Shell"

WIN32.TROJAN.DOWNLOADER

obj[11]=Regkey : CLSID\{0D4B70A3-7969-4DB2-9B4A-F613BE8EBF2B}
obj[43]=File : c:\program files\internet explorer\mecoro.dll
obj[60]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP22\A0014688.exe
obj[61]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP22\A0015682.exe
obj[62]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP23\A0016682.exe
obj[63]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP23\A0016697.exe
obj[71]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117130.exe
obj[72]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117132.exe
obj[74]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117134.exe
obj[75]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117135.exe
obj[81]=File : C:\VSL02.exe

TRACKING COOKIE

obj[13]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@2o7[1].txt
obj[14]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[15]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[16]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[17]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@atdmt[2].txt
obj[18]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@bravenet[1].txt
obj[19]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[20]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@casalemedia[2].txt
obj[21]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@casinotropez[2].txt
obj[22]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@cgi-bin[2].txt
obj[23]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@cgi-bin[3].txt
obj[24]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[25]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[2].txt
obj[26]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@doubleclick[2].txt
obj[27]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@overture[2].txt
obj[28]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[29]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)[1].txt
obj[30]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@questionmarket[1].txt
obj[31]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@realmedia[1].txt
obj[32]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@real[2].txt
obj[33]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@revenue[1].txt
obj[34]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\(E-Mail Removed)-eu.falkag[1].txt
obj[35]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@serving-sys[2].txt
obj[36]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@statcounter[2].txt
obj[37]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@tradedoubler[2].txt
obj[38]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@tribalfusion[1].txt
obj[39]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@tripod[1].txt
obj[40]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@xxxcounter[2].txt
obj[41]=IECache Entry : C:\Documents and
Settings\Hatem\Cookies\hatem@zedo[2].txt

CMDSERVICES

obj[47]=File : C:\Documents and Settings\Chris McGinty\Local
Settings\Temp\cmdinst.exe
obj[68]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117127.dll
obj[73]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117133.exe
obj[76]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117136.exe
obj[79]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0118209.dll
obj[83]=File : C:\WINDOWS\cGMy\command.exe

TARGETSAVER

obj[48]=File : C:\Documents and Settings\Chris McGinty\Local
Settings\Temp\tsinstall_4_0_4_0_b4.exe
obj[57]=File : C:\Program Files\Common Files\ziri\zirid\ziric.dll
obj[58]=File : C:\Program Files\Common Files\ziri\ziril.exe
obj[59]=File : C:\Program Files\Common Files\ziri\zirim.exe
obj[77]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117140.exe

WEBHANCER

obj[65]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP27\A0036816.exe
obj[66]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP27\A0037805.dll
obj[78]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0117141.exe

WIN32.TROJAN.DNSCHANGER

obj[80]=File : C:\System Volume
Information\_restore{C076781A-BC0B-474D-B396-9E14A4CFEE2C}\RP33\A0118210.exe

ISEARCH TOOLBAR

obj[82]=File : C:\WINDOWS\cGMy\asappsrv.dll

OTHER

obj[93]=File : C:\WINDOWS\prefetch\DEFENDER20.EXE-2220C91E.pf

 
Pennywise@DerryMaine.Gov
      05-31-2006
(E-Mail Removed) wrote:

|>Chris McGinty


--
ThePirateBay.org Raided
http://www.slyck.com/news.php?story=1203
 
pcbutts1
      05-31-2006
I told you how to fix it in your last post, I'm not going to do it again.
Why is it that I have to keep repeating answers to you, that's why I stopped
a few months ago. Learn how to use newsgroups. Sheeeeeesh!

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Logfile of HijackThis v1.99.1
> Scan saved at 1:03:18 PM, on 5/31/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)



 
Thaqalainnaqvi@gmail.com
      05-31-2006

I have pasted the log after fixing those lines which you have asked me to. The
fresh log is to see, do we still have some odd things in it or is it
clean?

 
Rhonda Lea Kirk
      05-31-2006
(E-Mail Removed) wrote:
> I have pasted the log after fixing those lines which you have asked me to. The
> fresh log is to see, do we still have some odd things in it or is it
> clean?


No. It isn't.

Google for isass.exe.

Have you considered installing a firewall and antivirus software?

--
Rhonda Lea Kirk

Insisting on perfect safety is for people
without the balls to live in the real world.
Mary Shafer Iliff
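
The entries singled out in this thread (Isass.exe with a capital I standing in for lsass.exe, defender20.exe in the drive root, IE4321.exe under Application Data) can be picked out of a HijackThis log mechanically. The Python below is an added example, not part of the original posts and not HijackThis's own logic; the heuristics, function names and the list of system binaries are assumptions made for illustration, and the sample is an excerpt of the first log in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Excerpt of the first HijackThis log in this thread, hard-wrapped as posted.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Chris
McGinty\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [defender] C:\\defender20.exe
O4 - HKLM\..\Run: [Isass.exe] C:\WINDOWS\system32\Isass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program
Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Isass.exe - Unknown owner -
C:\WINDOWS\system32\Isass.exe
"""

ENTRY_START = re.compile(r"^[RFNO]\d+ - ")
O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat))(?=\s|$)", re.I)

# Core Windows XP processes and the directory each normally loads from
# (assumed list for this example, not exhaustive).
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32", "spoolsv.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32", "explorer.exe": r"c:\windows",
}

def unwrap(text):
    """Rejoin entries that the newsreader wrapped onto a second line."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # wraps happened at a space
    return entries

def image_path(cmd):
    """Strip quotes, arguments and the '(file missing)' marker from a command."""
    cmd = cmd.replace("(file missing)", "").strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else cmd

def fold(name):
    """Collapse characters that look alike in common fonts: I/i/1 -> l, 0 -> o."""
    return name.lower().translate(str.maketrans("i10", "llo"))

def assess(owner, path, missing):
    reasons = []
    norm = re.sub(r"\\+", r"\\", path.lower())  # C:\\x.exe -> c:\x.exe
    base, folder = basename(norm), dirname(norm)
    if base in SYSTEM_BINARIES:
        if folder and folder != SYSTEM_BINARIES[base]:
            reasons.append("system process name outside its normal directory")
    else:
        for real in SYSTEM_BINARIES:
            if fold(base) == fold(real):
                reasons.append(f"lookalike of {real}")
    if re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("executable in drive root")
    if "\\application data\\" in norm or "\\local settings\\temp\\" in norm:
        reasons.append("autostart from user profile data directory")
    if owner is not None and owner.lower() == "unknown owner":
        reasons.append("service listed with Unknown owner")
    if missing and reasons:
        reasons.append("file missing, registration left behind")
    return reasons

def triage(text):
    """Return (section, entry name, reasons) for each O4/O23 entry worth review.
    'O4 - Global Startup' shortcut lines are not parsed in this example."""
    findings = []
    for entry in unwrap(text):
        m = O4_RE.match(entry) or O23_RE.match(entry)
        if not m:
            continue
        cmd = m.group("cmd")
        reasons = assess(m.groupdict().get("owner"), image_path(cmd),
                         "(file missing)" in cmd)
        if reasons:
            findings.append((entry.split(" - ", 1)[0], m.group("name"), reasons))
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section} [{name}]: " + "; ".join(reasons))
```

These checks only rank entries for a person to review; legitimate software also starts from Application Data, so a hit is a prompt to inspect the file, not a verdict.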


 