Hjt

Posted by: brookbend

can someone look at my HJT log? thanx.

Logfile of HijackThis v1.97.7
Scan saved at 11:12:15 AM, on 3/8/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINNT\svchost.exe
C:\WINNT\system32\wfxsnt40.exe
C:\Program Files\Symantec\WinFax\wfxctl32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Paul Marcus\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://auto.ie.searchforge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://auto.ie.searchforge.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://auto.ie.searchforge.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://allneedsearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AVGCtrl] C:\Documents and Settings\Paul Marcus\Desktop\AVGNT.EXE /min
O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINNT\System32\MSTMON_J.EXE
O4 - HKLM\..\Run: [SSL] C:\WINNT\svchost.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINNT\image.dll,Install
O4 - HKLM\..\RunOnce: [atpanel] regsvr32.exe /s "C:\Program Files\Common Files\Microsoft Shared\Web Folders\pubplace.dll"
O4 - HKLM\..\RunOnce: [nvpdep] regsvr32 /s /u C:\WINDOWS\dnserr.dll
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: WinFax Application Port Starter.lnk = C:\WINNT\system32\wfxsnt40.exe
O4 - Global Startup: WinFax PRO Controller.lnk = C:\Program Files\Symantec\WinFax\wfxctl32.exe
O4 - Global Startup: winlogon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37828.3424074074
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://mirror.worldwinner.com/games/v40/hangman/hangman.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O19 - User stylesheet: C:\Program Files\Internet Explorer\readme.txt

Posted by: mobo

First you need to run CWs Shredder.

Download CWShredder: http://www.spywareinfo.com/~merijn/files/CWShredder.exe

Run and hit the ->fix tab to fix all found problems.

CWShredder takes advantage of security holes in Windows so you should install all critical as well as hotfixes available from Windows Update.

Then post a fresh log please.