11-8-2009: Sorry for the inconvenience. We finally upgraded to vBulletin 3 !!
See you there,
Larry

---

my very first hijack this log... please look....

Go to the Tech-Forums Discussion Home Page

---

Posted by: Static_11

Logfile of HijackThis v1.99.1
Scan saved at 3:27:24 PM, on 5/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\VTTimer.exe
C:\reg.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Shawn\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = i dont know who this is but if ur reading it it prolly means ur not supposed to be here to get off!!!!
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_
7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_
7_0.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [REGRUN] C:\reg.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab[/url]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [url]http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab[/url]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [url]http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx[/url]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [url]http://www.pandasoftware.com/activescan/as5/asinst.cab[/url]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [url]http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7D40FD-F186-40C8-831E-39358044620E}: NameServer = 207.230.32.1 209.74.143.1
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: MS Software Generic Host Process for Win32 Services (svchost) - Unknown owner - C:\WINDOWS\SYSTEM\svchost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe






that might be hard to read so...

---

Posted by: Blitze105

Have hijackthis fix these:
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - (no file)
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

That is all i see

---

Posted by: Warez Monster

Remove entires at your own risk

C:\WINDOWS\SYSTEM\svchost.exe running process. (svchost.exe)
This process is not running from the System32 folder as it is supposed to be. This entry is not running from the System32 folder, so it is probably nasty.
Possibly nasty! According to our database this process runs normally in c:\windows\system32\! Check if you know this process and arrange a viruscheck where required.

C:\reg.exe This is a unknown process.


O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D} - (no file) Entries found in this registry zone are potentially nasty. This application ([4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D] - Result: 4E7BD74F-2B8D-469E-C0FF-FD69B994BD7D) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Must be fixed!

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain Unknown application.

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm The entry &AIM Search has been identified as nasty.

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - [url]http://ak.imgfarm.com/images/nocach...up1.0.0.8-2.cab[/url] This entry is possibly nasty. Should be fixed.

O17 - HKLM\System\CCS\Services\Tcpip\..\{CE7D40FD-F186-40C8-831E-39358044620E}: NameServer = 207.230.32.1 209.74.143.1 If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '207.230.32.1 209.74.143.1'? If not, fix this entry.

---

Please Visit the Online Configurator, Email Hosting, Internet Marketing , Computer Schools , Software for Real Estate , AAOutlook , Search Engine Site