Please Help With Hijack this

Discussion in 'Computer Support' started by Kevin Garrett, Sep 2, 2005.

  1. I believe my girlfriend's computer got hijacked. She has run ad-aware and
    attempted to run spybot 1.4. Spybot would not update the definitions but
    I was able to do it manually. Still she is blocked from certain sites
    including security.kolla.de, www.safer-networking.org, and
    www.spywareinfo.com as well as others. The system is a Dell Dimension
    2400 running XP SP2.

    Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
    the log. Thanks, Kevin

    Logfile of HijackThis v1.99.1
    Scan saved at 6:38:47 PM, on 9/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Plaxo\2.3.4.3\InstallStub.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\Donna\My Documents\Unzipped\hijackthis
    \HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://news.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://www.dell4me.com/myway
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://news.google.com/
    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.48 spywareinfo.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~
    1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:
    \Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    - c:\program files\google\googletoolbar1.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:
    \Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:
    \Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
    C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:
    \program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience
    \PCMService.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime
    \qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared
    \ccApp.exe"
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet
    Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real
    \Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
    \SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox
    \mmtask.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02
    \bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger
    \msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support
    \DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.3.4.3
    \InstallStub.exe -a
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
    Destroy\TeaTimer.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft
    \NaturallySpeaking\Program\natspeak.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files
    \google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files
    \google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files
    \google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
    C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-
    00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:
    \WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-
    BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins
    \NPBelv32.dll
    O15 - Trusted Zone: *.musicmatch.com
    O15 - Trusted Zone: *.musicmatch.com (HKLM)
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
    https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
    Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
    scanner) -
    http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
    Class) -
    http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class)
    - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
    https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation -
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
    Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
    AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
    Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation
    - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
    Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:
    \Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    Kevin Garrett, Sep 2, 2005
    #1

  2. Kevin Garrett

    pcbutts1 Guest

    Man, they got her good. Have hijackthis fix the following lines by placing a
    check mark in each box and clicking on fix checked.

    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.48 spywareinfo.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    Once done, then download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en





     
    pcbutts1, Sep 2, 2005
    #2
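
Added example, not part of either post: a Python triage pass over HijackThis-format log lines that flags the three kinds of entry selected in the reply above (O1 Hosts entries that pin names to loopback addresses, O2 BHOs marked "(no file)", and an O16 DPF sourced from file://). The heuristics, function names and the sample lines are assumptions made for illustration, not the poster's stated reasoning.

```python
import ipaddress
import re

# Constructed sample: a few lines in the HijackThis v1.99.1 log format, using
# entry types that appear in this thread, including hard-wrapped entries.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.com/
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.36 safer-networking.org
O1 - Hosts: 127.0.0.48 spywareinfo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) -
https://www.plaxo.com/down/latest/PlaxoInstall.cab
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# An entry starts with a section code such as R0, O1 or O16 followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")


def unwrap_entries(log_text):
    """Rejoin entries that a mail or news client hard-wrapped.

    Any line that does not start a new entry is treated as the continuation
    of the previous one. Lines before the first entry (header, process list)
    are ignored.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Heuristic: a continuation starting with "\" was split mid-path.
            sep = "" if line.startswith("\\") else " "
            entries[-1][1] += sep + line
    return [(code, body) for code, body in entries]


def triage(entries):
    """Return (code, body, reason) for entries that deserve a closer look."""
    findings = []
    for code, body in entries:
        if code == "O1":
            match = HOSTS_RE.match(body)
            if not match:
                continue
            addr, name = match.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append((code, body, "hosts address does not parse"))
                continue
            if name.lower() == "localhost":
                if addr not in ("127.0.0.1", "::1"):
                    findings.append((code, body, "localhost remapped"))
            elif ip.is_loopback:
                findings.append((code, body, "name pinned to loopback"))
            else:
                findings.append((code, body, "name pinned to fixed address"))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, body, "BHO registered but DLL is missing"))
        elif code == "O16" and "file://" in body.lower():
            findings.append((code, body, "ActiveX installed from a local file"))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(unwrap_entries(SAMPLE_LOG)):
        print(f"{reason:38} {code} - {body}")
```

A hit is a prompt to review the line, not a verdict: a hosts file can legitimately pin names, so check each flagged entry before removing it.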

  3. Kevin Garrett

    PC Guest

    "Kevin Garrett" <> wrote in message
    news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
    >I believe my girlfriend's computer got hijacked. She has run ad-aware and
    > attempted to run spybot 1.4. Spybot would not update the definitions but
    > I was able to do it manually. Still she is blocked from certain sites
    > including security.kolla.de, www.safer-networking.org, and
    > www.spywareinfo.com as well as others. The system is a Dell Dimension
    > 2400 running XP SP2.
    >
    > Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
    > the log. Thanks, Kevin

    Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries.
    They are blocking you from going to antivirus and antispyware sites
    (amongst others).
    For example, O1 - Hosts: 127.0.0.36 safer-networking.org is stopping you
    getting the Spybot updates.

    Once you have removed these entries reboot into safe mode and do your
    antivirus and antispyware scans.

    Cheers
    Paul.
     
    PC, Sep 2, 2005
    #3
  4. Kevin Garrett

    pcbutts1 Guest

    Man, they got her good. Have HijackThis fix the following lines by placing a
    check mark in each box and clicking on "Fix checked".

    O1 - Hosts: 127.0.0.0 localhost
    O1 - Hosts: 127.0.0.2 auditmypc.com
    O1 - Hosts: 127.0.0.4 bulletproofsoft.net
    O1 - Hosts: 127.0.0.5 camtech2000.net
    O1 - Hosts: 127.0.0.6 cexx.org
    O1 - Hosts: 127.0.0.7 computercops.us
    O1 - Hosts: 127.0.0.8 ct7support.com
    O1 - Hosts: 127.0.0.9 doxdesk.com
    O1 - Hosts: 127.0.0.20 kellys-korner-xp.com
    O1 - Hosts: 127.0.0.21 kephyr.com
    O1 - Hosts: 127.0.0.24 lurkhere.com
    O1 - Hosts: 127.0.0.25 majorgeeks.com
    O1 - Hosts: 127.0.0.26 merijn.org
    O1 - Hosts: 127.0.0.27 mjc1.com
    O1 - Hosts: 127.0.0.28 moosoft.com
    O1 - Hosts: 127.0.0.29 mvps.org
    O1 - Hosts: 127.0.0.30 net-integration.net
    O1 - Hosts: 127.0.0.31 noadware.net
    O1 - Hosts: 127.0.0.32 no-spybot.com
    O1 - Hosts: 127.0.0.33 onlinepcfix.com
    O1 - Hosts: 127.0.0.34 pchell.com
    O1 - Hosts: 127.0.0.35 pestpatrol.com
    O1 - Hosts: 127.0.0.36 safer-networking.org
    O1 - Hosts: 127.0.0.37 secure.spykiller.com
    O1 - Hosts: 127.0.0.38 secureie.com
    O1 - Hosts: 127.0.0.39 security.kolla.de
    O1 - Hosts: 127.0.0.40 spybot.info
    O1 - Hosts: 127.0.0.41 spychecker.com
    O1 - Hosts: 127.0.0.42 spychecker.com
    O1 - Hosts: 127.0.0.43 spycop.com
    O1 - Hosts: 127.0.0.44 spyguard.com
    O1 - Hosts: 127.0.0.45 spykiller.com
    O1 - Hosts: 127.0.0.46 spyware.co.uk
    O1 - Hosts: 127.0.0.47 spyware-cop.com
    O1 - Hosts: 127.0.0.48 spywareinfo.com
    O1 - Hosts: 127.0.0.49 spywarenuker.com
    O1 - Hosts: 127.0.0.50 spywareremove.com
    O1 - Hosts: 127.0.0.51 spywareremove.com
    O1 - Hosts: 127.0.0.52 stopzillapro.com
    O1 - Hosts: 127.0.0.53 sunbelt-software.com
    O1 - Hosts: 127.0.0.54 thiefware.com
    O1 - Hosts: 127.0.0.55 tomcoyote.org
    O1 - Hosts: 127.0.0.56 unwantedlinks.com
    O1 - Hosts: 127.0.0.57 webattack.com
    O1 - Hosts: 127.0.0.58 wilders.org
    O1 - Hosts: 127.0.0.59 www.auditmypc.com
    O1 - Hosts: 127.0.0.60 www.bulletproofsoft.net
    O1 - Hosts: 127.0.0.61 www.cexx.org
    O1 - Hosts: 127.0.0.62 www.computercops.us
    O1 - Hosts: 127.0.0.63 www.ct7support.com
    O1 - Hosts: 127.0.0.64 www.doxdesk.com
    O1 - Hosts: 127.0.0.65 www.eblocs.com
    O1 - Hosts: 127.0.0.66 www.enigmasoftwaregroup.com
    O1 - Hosts: 127.0.0.67 www.free-spyware-scan.com
    O1 - Hosts: 127.0.0.68 www.free-web-browsers.com
    O1 - Hosts: 127.0.0.69 www.grc.com
    O1 - Hosts: 127.0.0.70 www.grisoft.com
    O1 - Hosts: 127.0.0.71 www.hackfaq.org
    O1 - Hosts: 127.0.0.72 www.hazeleger.net
    O1 - Hosts: 127.0.0.73 www.javacoolsoftware.com
    O1 - Hosts: 127.0.0.74 www.kellys-korner-xp.com
    O1 - Hosts: 127.0.0.75 www.kephyr.com
    O1 - Hosts: 127.0.0.78 www.lurkhere.com
    O1 - Hosts: 127.0.0.79 www.majorgeeks.com
    O1 - Hosts: 127.0.0.80 www.merijn.org
    O1 - Hosts: 127.0.0.81 www.mjc1.com
    O1 - Hosts: 127.0.0.82 www.moosoft.com
    O1 - Hosts: 127.0.0.83 www.mvps.org
    O1 - Hosts: 127.0.0.84 www.net-integration.net
    O1 - Hosts: 127.0.0.85 www.noadware.net
    O1 - Hosts: 127.0.0.86 www.no-spybot.com
    O1 - Hosts: 127.0.0.87 www.onlinepcfix.com
    O1 - Hosts: 127.0.0.88 www.pchell.com
    O1 - Hosts: 127.0.0.89 www.pestpatrol.com
    O1 - Hosts: 127.0.0.90 www.safer-networking.org
    O1 - Hosts: 127.0.0.91 www.secureie.com
    O1 - Hosts: 127.0.0.92 www.security.kolla.de
    O1 - Hosts: 127.0.0.93 www.spybot.info
    O1 - Hosts: 127.0.0.94 www.spychecker.com
    O1 - Hosts: 127.0.0.95 www.spychecker.com
    O1 - Hosts: 127.0.0.96 www.spycop.com
    O1 - Hosts: 127.0.0.97 www.spyguard.com
    O1 - Hosts: 127.0.0.98 www.spykiller.com
    O1 - Hosts: 127.0.0.99 www.spyware.co.uk
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - file://C:\install.cab

    Once done, download, install, update and run all of the following.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en




    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com



    "Kevin Garrett" <> wrote in message
    news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
    > I believe my girlfriend's computer got hijacked. She has run ad-aware and
    > attempted to run spybot 1.4. Spybot would not update the definitions but
    > I was able to do it manually. Still she is blocked from certain sites
    > including security.kolla.de, www.safer-networking.org, and
    > www.spywareinfo.com as well as others. The system is a Dell Dimension
    > 2400 running XP SP2.
    >
    > Anyway, we downloaded and ran Hijackthis. Hoping someone can interpret
    > the log. Thanks, Kevin
     
    pcbutts1, Sep 2, 2005
    #4
  5. Kevin Garrett

    ellis_jay Guest

    PC wrote:
    > "Kevin Garrett" <> wrote in message
    > news:Xns96C4C15CC5133kevingarrettcomcastn@204.153.244.156...
    >> I believe my girlfriend's computer got hijacked. She has run
    >> ad-aware and attempted to run spybot 1.4. Spybot would not update
    >> the definitions but I was able to do it manually. Still she is
    >> blocked from certain sites including security.kolla.de,
    >> www.safer-networking.org, and www.spywareinfo.com as well as others.
    >> The system is a Dell Dimension 2400 running XP SP2.
    >>
    >> Anyway, we downloaded and ran Hijackthis. Hoping someone can
    >> interpret the log. Thanks, Kevin
    >>

    >
    >
    >
    > Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries
    > They are blocking you going to antivirus and antispyware sites
    > (amongst others)
    > for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping
    > you getting the Spybot updates.


    safer.networking IS Spybot Search and Destroy.

    Isearch is:
    http://www.google.com/search?hl=en&lr=&q=1C78AB3F-A857-482E-80C0-3A1E5238A565&btnG=Search



    >
    > Once you have removed these entries reboot into safe mode and do your
    > antivirus and antispyware scans.
    >
    > Cheers
    > Paul.


    --

    Their ethics are a short summary of police ordinances: for them the
    most important thing is to be a useful member of the state, and to air
    their opinions in the club of an evening; they have never felt the
    homesickness for something unknown and far away, nor the depths which
    consists in being nothing at all. ___________Soren Kierkegaard

    Ellis_jay
     
    ellis_jay, Sep 5, 2005
    #5
  6. Kevin Garrett

    samuel Guest

    samuel, Sep 5, 2005
    #6
  7. Kevin Garrett

    PC Guest

    "ellis_jay" <> wrote in message
    news:...

    big snip
    >>
    >> Remove all the O1 - Hosts: 127.0.0.36 xxxxxxxx entries
    >> They are blocking you going to antivirus and antispyware sites
    >> (amongst others)
    >> for example O1 - Hosts: 127.0.0.36 safer-networking.org is stopping
    >> you getting the Spybot updates.

    >
    > safer.networking IS Spybot Search and Destroy.


    snip

    Kinda thought that was obvious from my reply!
    Paul
     
    PC, Sep 5, 2005
    #7
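The check described in the replies above (finding `O1 - Hosts:` entries that point security sites at loopback addresses) can be scripted. This Python sketch is an added example, not part of any post in this thread; the function names are hypothetical, and the sample embeds a few O1 lines from the posted log plus constructed `.example` entries.

```python
import ipaddress
import re

# Sample input: O1 lines copied from the log posted in this thread (one in its
# ">>"-quoted form), plus two constructed ".example" entries for contrast.
SAMPLE_LOG = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O1 - Hosts: 127.0.0.0 localhost
O1 - Hosts: 127.0.0.36 safer-networking.org
>> O1 - Hosts: 127.0.0.39 security.kolla.de
O1 - Hosts: 127.0.0.90 www.safer-networking.org
O1 - Hosts: 192.0.2.10 intranet.example
O1 - Hosts: not-an-ip broken.example
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
"""

# HijackThis reports each hosts-file mapping as "O1 - Hosts: <ip> <name>".
# Leading ">" and spaces are tolerated so quoted replies parse too.
O1_LINE = re.compile(r"^[>\s]*O1 - Hosts:\s+(\S+)\s+(\S+)")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts_entries(log_text):
    """Return (ip, hostname) pairs for every O1 line carrying a valid IP."""
    entries = []
    for line in log_text.splitlines():
        match = O1_LINE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: skip it rather than guess
        entries.append((ip, match.group(2).lower()))
    return entries


def sinkholed_hosts(entries):
    """Names other than localhost that are mapped to loopback or 0.0.0.0."""
    return sorted({name for ip, name in entries
                   if (ip.is_loopback or ip.is_unspecified)
                   and name not in BENIGN_NAMES})


def is_blocked(entries, hostname):
    """Hosts-file matching is by exact name, so subdomains need their own line."""
    return hostname.lower() in sinkholed_hosts(entries)


if __name__ == "__main__":
    for name in sinkholed_hosts(parse_hosts_entries(SAMPLE_LOG)):
        print("redirected to loopback:", name)
```

Ad-blocking hosts files also map names to loopback on purpose, so review the flagged names before deleting entries.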