Tech Support Forum > Security Center > HijackThis Log Help
10-01-2004, 08:10 PM   #1
Registered User
 
Join Date: Oct 2004
Posts: 2
OS: winXP


Help with Web Dialer

A web dialer has taken over my computer. I try deleting it but it comes back. I have run Norton but it did not find anything. I am not very computer savvy, so please keep the explanations and help to my beginner level. Here are my HijackThis log and my Ad-aware log:

Logfile of HijackThis v1.98.2
Scan saved at 8:47:44 PM, on 10/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\systime.exe
C:\Documents and Settings\User\Application Data\n?x??n.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\w?wexec.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\WebSiteViewer\124845.dlr
C:\Program Files\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {67A41205-EC44-3B97-D450-12550EF57E40} - C:\WINDOWS\System32\jobz.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [YPC] C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\User\Application Data\n?x??n.exe
O4 - HKCU\..\Run: [Jjdmc] C:\WINDOWS\System32\w?wexec.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv68/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...dceabcca450006
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab

Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, October 01, 2004 8:58:40 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R342 25.09.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


10-1-2004 8:58:40 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 10-2-2004 1:37:56 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:37:59 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:00 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:31 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:00 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:12 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:01 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:36 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:01 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:36 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:7 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-2-2004 1:38:03 AM
BasePriority : Normal
FileSize : 161 KB
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
Copyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Client and Host Security Platform
Created on : 8/14/2004 1:17:48 AM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 8/14/2004 1:17:48 AM

#:8 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-2-2004 1:38:04 AM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 1/30/2003 12:59:06 PM
Last accessed : 10/2/2004 1:45:03 AM
Last modified : 8/29/2002 12:00:00 PM

#:9 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-2-2004 1:38:05 AM
BasePriority : Normal
FileSize : 201 KB
FileVersion : 5.4.0.110
ProductVersion : 5.4
Copyright : Copyright 2002, 2003, 2004 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
OriginalFilename : SndSrvc.exe
ProductName : Symantec Security Drivers
Created on : 8/14/2004 12:00:44 AM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 8/14/2004 12:00:44 AM

#:10 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ThreadCreationTime : 10-2-2004 1:38:05 AM
BasePriority : Normal
FileSize : 169 KB
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
Copyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
OriginalFilename : SPBBCSvc.exe
ProductName : SPBBC
Created on : 7/21/2004 9:24:04 PM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 7/21/2004 9:24:04 PM

#:11 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-2-2004 1:38:06 AM
BasePriority : Normal
FileSize : 193 KB
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
Copyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Client and Host Security Platform
Created on : 8/14/2004 1:17:40 AM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 8/14/2004 1:17:40 AM

#:12 [mhotkey.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-2-2004 1:38:07 AM
BasePriority : Normal
FileSize : 466 KB
FileVersion : 2, 2, 2, 0
ProductVersion : 2, 2, 2, 0
Copyright : Copyright (c) 2001 Chicony
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
OriginalFilename : mHotkey.res
ProductName : Chicony Multimedia Driver
Created on : 1/30/2003 12:05:06 AM
Last accessed : 10/2/2004 1:38:07 AM
Last modified : 7/23/2002 7:09:48 PM

#:13 [s3tray2.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:07 AM
BasePriority : Normal
FileSize : 68 KB
FileVersion : 1.00.19-0113
ProductVersion : 1.00.19-0113
Copyright : Copyright (C) 2001-2003 S3 S3 Graphics, Inc.
CompanyName : S3 Graphics, Inc.
FileDescription : s3contrl
InternalName : s3contrl
OriginalFilename : s3contrl.exe
ProductName : S3 Graphics Utilities
Created on : 2/25/2003 10:33:14 AM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 2/25/2003 10:33:14 AM

#:14 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.18
ProductVersion : 8.18
Copyright : (C) 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 3/26/2003 2:17:14 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 3/26/2003 2:17:14 PM

#:15 [ybrwicon.exe]
FilePath : C:\Program Files\Yahoo!\browser\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 56 KB
FileVersion : 2003, 7, 11, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Yahoo!, Inc.
FileDescription : YBrwIcon
InternalName : YBrwIcon
OriginalFilename : YBrwIcon.exe
ProductName : Yahoo!, Inc. YBrwIcon
Created on : 7/10/2004 1:37:35 AM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 7/11/2003 7:51:16 PM

#:16 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 384 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright (C) 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
OriginalFilename : HomePortal Monitor.EXE
ProductName : HomePortal Monitor Application
Created on : 7/10/2004 1:34:18 AM
Last accessed : 10/2/2004 1:38:11 AM
Last modified : 10/10/2003 10:14:46 AM

#:17 [ypc.exe]
FilePath : C:\Program Files\Yahoo!\Parental Controls\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 352 KB
FileVersion : 2003, 10, 20, 1
ProductVersion : 3, 0, 3, 409
Copyright : Copyright
CompanyName : Yahoo! Inc.
FileDescription : YPC Module
InternalName : YPC
OriginalFilename : YPC.EXE
ProductName : YPC Module
Created on : 7/10/2004 1:38:08 AM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 10/20/2003 8:22:42 PM

#:18 [systime.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 3 KB
Created on : 9/28/2004 8:08:26 PM
Last accessed : 10/2/2004 1:38:08 AM
Last modified : 9/28/2004 8:08:27 PM

#:19 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:33 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:20 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 8.18
ProductVersion : 8.18
Copyright : (C) 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 3/26/2003 2:16:04 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 3/26/2003 2:16:04 PM

#:21 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 57 KB
FileVersion : 103.0.1.26
ProductVersion : 103.0.1.26
Copyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Client and Host Security Platform
Created on : 8/14/2004 1:17:38 AM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/14/2004 1:17:38 AM

#:22 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 1476 KB
FileVersion : 4.7.0041
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2001
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 1/29/2003 9:14:16 PM
Last accessed : 10/2/2004 1:38:08 AM
Last modified : 8/20/2002 11:08:38 PM

#:23 [systime.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 3 KB
Created on : 9/28/2004 8:08:26 PM
Last accessed : 10/2/2004 1:38:08 AM
Last modified : 9/28/2004 8:08:27 PM

#:24 [n?x??n.exe]
FilePath : C:\Documents and Settings\User\Application Data\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 80 KB
Created on : 9/28/2004 8:08:50 PM
Last accessed : 10/2/2004 1:38:08 AM
Last modified : 9/28/2004 8:08:50 PM

#:25 [ycommon.exe]
FilePath : C:\PROGRA~1\Yahoo!\browser\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 208 KB
FileVersion : 2003, 7, 14, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright 2003 Yahoo! Inc.
CompanyName : Yahoo!, Inc.
FileDescription : YCommon Exe Module
InternalName : YCommonExe
OriginalFilename : YCommon.EXE
ProductName : YCommon Exe Module
Created on : 7/10/2004 1:37:21 AM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 7/14/2003 2:55:44 PM

#:26 [w?wexec.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:08 AM
BasePriority : Normal
FileSize : 10 KB

#:27 [bigfix.exe]
FilePath : C:\Program Files\BigFix\
ThreadCreationTime : 10-2-2004 1:38:10 AM
BasePriority : Normal
FileSize : 1689 KB
FileVersion : 1, 6, 1, 8
ProductVersion : 1, 6, 1, 8
Copyright : Copyright
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
OriginalFilename : BigFix.exe
ProductName : BigFix
Created on : 1/29/2003 11:43:49 PM
Last accessed : 10/2/2004 1:38:13 AM
Last modified : 11/2/2001 6:44:04 PM

#:28 [hpohmr08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 10-2-2004 1:38:10 AM
BasePriority : Normal
FileSize : 144 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Device Objects
InternalName : HPOHMR08
OriginalFilename : HPOHMR08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 4/6/2003 6:17:18 AM
Last accessed : 10/2/2004 1:38:15 AM
Last modified : 4/6/2003 6:17:18 AM

#:29 [hpotdd01.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 10-2-2004 1:38:10 AM
BasePriority : Normal
FileSize : 28 KB
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Copyright : Copyright
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
OriginalFilename : hpotdd01.exe
ProductName : Hewlett-Packard hpotdd01
Created on : 4/6/2003 658 AM
Last accessed : 10/2/2004 1:38:11 AM
Last modified : 4/6/2003 658 AM

#:30 [gwremind.exe]
FilePath : C:\Program Files\Greetings Workshop\
ThreadCreationTime : 10-2-2004 1:38:11 AM
BasePriority : Normal
FileSize : 49 KB
FileVersion : 2, 0, 1, 1470
ProductVersion : 2, 0, 1, 0
Copyright : Copyright
CompanyName : Microsoft Corporation
FileDescription : gwremind
InternalName : gwremind
OriginalFilename : gwremind.exe
ProductName : Microsoft Greetings Workshop Reminder
Created on : 9/4/1997 5:00:00 AM
Last accessed : 10/2/2004 1:38:11 AM
Last modified : 9/4/1997 5:00:00 AM

#:31 [osa.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ThreadCreationTime : 10-2-2004 1:38:11 AM
BasePriority : Normal
FileSize : 50 KB
Created on : 11/21/1996 5:00:00 AM
Last accessed : 10/2/2004 1:38:11 AM
Last modified : 11/21/1996 5:00:00 AM

#:32 [hpoevm08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\
ThreadCreationTime : 10-2-2004 1:38:14 AM
BasePriority : Normal
FileSize : 280 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet COM Event Manager
InternalName : HPOEVM08
OriginalFilename : HPOEVM08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 4/6/2003 5:45:10 AM
Last accessed : 10/2/2004 1:58:41 AM
Last modified : 4/6/2003 5:45:10 AM

#:33 [mainserv.exe]
FilePath : C:\Program Files\APC\APC PowerChute Personal Edition\
ThreadCreationTime : 10-2-2004 1:38:15 AM
BasePriority : Normal
FileSize : 152 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright
CompanyName : American Power Conversion Corporation
FileDescription : Battery backup management service
InternalName : PowerChute
OriginalFilename : PowerChute
ProductName : APC PowerChute Personal Edition
Created on : 10/5/2003 11:05:27 PM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 10/15/2002 8:10:34 PM

#:34 [apcsystray.exe]
FilePath : C:\Program Files\APC\APC PowerChute Personal Edition\
ThreadCreationTime : 10-2-2004 1:38:15 AM
BasePriority : Normal
FileSize : 404 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 3, 0, 0
Copyright : Copyright
CompanyName : American Power Conversion Corporation
FileDescription : PowerChute system tray power icon
InternalName : PowerChute
OriginalFilename : PowerChute
ProductName : APC PowerChute Personal Edition
Created on : 10/5/2003 11:05:27 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 10/15/2002 8:11:24 PM

#:35 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 10-2-2004 1:38:16 AM
BasePriority : Normal
FileSize : 172 KB
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
Copyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/30/2004 11:34:20 PM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 8/30/2004 11:34:20 PM

#:36 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ThreadCreationTime : 10-2-2004 1:38:16 AM
BasePriority : Normal
FileSize : 45 KB
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
Copyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
OriginalFilename : NPFMonitor.EXE
ProductName : Norton AntiVirus
Created on : 8/30/2004 11:34:42 PM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 8/30/2004 11:34:42 PM

#:37 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:19 AM
BasePriority : Normal
FileSize : 44 KB
FileVersion : 2.80.00(24Apr2000)
ProductVersion : 2.80.00
Copyright : Copyright
FileDescription : User-Level Modem Service
InternalName : slserv
OriginalFilename : slserv.exe
ProductName : Modem
Created on : 1/30/2003 1:00:12 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 7/2/2002 11:49:42 PM

#:38 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:20 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/30/2003 12:59:36 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 8/29/2002 12:00:00 PM

#:39 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 10-2-2004 1:38:20 AM
BasePriority : Normal
FileSize : 800 KB
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
Copyright : Copyright (C) 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 9/29/2004 3:39:30 AM
Last accessed : 10/2/2004 1:05:26 AM
Last modified : 9/29/2004 3:39:30 AM

#:40 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 10-2-2004 1:38:21 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
Copyright : Copyright
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
OriginalFilename : WanMPSvc.exe
ProductName : America Online
Created on : 7/5/2004 7:26:52 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 9/25/2001 5:32:50 PM

#:41 [ypcser~1.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 10-2-2004 1:38:28 AM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 2003, 5, 19, 1
ProductVersion : 3, 0, 0, 409
Copyright : Copyright
CompanyName : Yahoo! Inc.
FileDescription : YPCService Module
InternalName : YPCService
OriginalFilename : YPCService.EXE
ProductName : YPCService Module

#:42 [hpzipm12.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:38:29 AM
BasePriority : Normal
FileSize : 64 KB
FileVersion : 6, 0, 0, 0
ProductVersion : 6, 0, 0, 0
Copyright : Copyright
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
OriginalFilename : PmlDrv.exe
ProductName : HP PML
Created on : 8/12/2004 11:25:26 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 3/9/2003 4:31:02 AM

#:43 [hposts08.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\
ThreadCreationTime : 10-2-2004 1:39:05 AM
BasePriority : Normal
FileSize : 304 KB
FileVersion : 4.2.0.020
ProductVersion : 2.4.1.020
Copyright : Copyright (C) Hewlett-Packard Co. 1995-2001
CompanyName : Hewlett-Packard Co.
FileDescription : HP OfficeJet Status
InternalName : HPOSTS08
OriginalFilename : HPOSTS08.EXE
ProductName : hp digital imaging - hp all-in-one series
Created on : 4/6/2003 5:55:04 AM
Last accessed : 10/2/2004 1:58:42 AM
Last modified : 4/6/2003 5:55:04 AM

#:44 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 10-2-2004 1:39:41 AM
BasePriority : Normal
FileSize : 136 KB
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 1/29/2003 9:13:57 PM
Last accessed : 10/2/2004 1:39:41 AM
Last modified : 8/29/2002 12:00:00 PM

#:45 [124845.dlr]
FilePath : C:\Program Files\WebSiteViewer\
ThreadCreationTime : 10-2-2004 1:43:56 AM
BasePriority : Normal
FileSize : 79 KB
Created on : 8/31/2004 4:12:17 PM
Last accessed : 10/2/2004 1:43:59 AM
Last modified : 10/2/2004 1:43:53 AM

#:46 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 10-2-2004 1:58:27 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/23/2004 7:45:51 PM
Last accessed : 10/2/2004 1:37:48 AM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Ezula


TIB Browser Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\WebSiteViewer


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 2
Objects found so far: 2


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 2


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : user@atdmt[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 10/2/2004 1:50:22 AM
Last accessed : 10/2/2004 1:50:22 AM
Last modified : 10/2/2004 1:50:22 AM



Tracking Cookie Object recognized!
Type : File
Data : user@casalemedia[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 10/2/2004 1:34:18 AM
Last accessed : 10/2/2004 1:34:18 AM
Last modified : 10/2/2004 1:34:18 AM



Tracking Cookie Object recognized!
Type : File
Data : user@centrport[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 10/2/2004 1:51:50 AM
Last accessed : 10/2/2004 1:51:50 AM
Last modified : 10/2/2004 1:51:50 AM



Tracking Cookie Object recognized!
Type : File
Data : user@doubleclick[1].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 10/2/2004 1:53:21 AM
Last accessed : 10/2/2004 1:54:09 AM
Last modified : 10/2/2004 1:54:09 AM



Tracking Cookie Object recognized!
Type : File
Data : user@tribalfusion[2].txt
Object : C:\Documents and Settings\User\Cookies\

Created on : 10/2/2004 1:34:17 AM
Last accessed : 10/2/2004 1:34:17 AM
Last modified : 10/2/2004 1:34:17 AM


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Performing conditional scans..
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Web Offer


EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}


EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}


EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}


EzuLa Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}


EzuLa Object recognized!
Type : Folder
Object : c:\documents and settings\user\start menu\programs\TopText iLookup


TIB Browser Object recognized!
Type : Folder
Object : c:\program files\WebSiteViewer


TIB Browser Object recognized!
Type : File
Data : 124845.ban
Object : c:\program files\websiteviewer\
FileSize : 12 KB
Created on : 8/4/2002 11:42:00 AM
Last accessed : 10/2/2004 1:43:55 AM
Last modified : 10/2/2004 1:43:55 AM



TIB Browser Object recognized!
Type : File
Data : 124845.dd
Object : c:\program files\websiteviewer\
FileSize : 15 KB
Created on : 10/2/2004 1:43:49 AM
Last accessed : 10/2/2004 1:43:55 AM
Last modified : 10/2/2004 1:43:55 AM



TIB Browser Object recognized!
Type : File
Data : 124845.dlr
Object : c:\program files\websiteviewer\
FileSize : 79 KB
Created on : 8/31/2004 4:12:17 PM
Last accessed : 10/2/2004 1:43:59 AM
Last modified : 10/2/2004 1:43:53 AM



TIB Browser Object recognized!
Type : File
Data : 124845.exe
Object : c:\program files\websiteviewer\
FileSize : 25 KB
Created on : 10/2/2004 1:43:55 AM
Last accessed : 10/2/2004 1:44:25 AM
Last modified : 10/1/2004 8:38:59 PM



TIB Browser Object recognized!
Type : File
Data : 124845.ico
Object : c:\program files\websiteviewer\

Created on : 1/4/2003 9:04:42 PM
Last accessed : 10/2/2004 1:43:55 AM
Last modified : 10/2/2004 1:43:55 AM



Conditional scan result:
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
New objects : 12
Objects found so far: 19


9:01:35 PM Scan complete

Summary of this scan
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
Total scanning time :00:02:54:344
Objects scanned :49581
Objects identified :19
Objects ignored :0
New objects :19
Old 10-01-2004, 09:37 PM   #2 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Hi dalmationx
Close your browser window, run hjt in safe mode and fix these items. Any files/folders that I have highlighted will also need to be removed from your hard drive as well as from the log. Make sure to have your system set to show hidden files and folders: www.xtra.co.nz/help/0,,4155-1916458,00.html. While still in safe mode, run "SpyBot S&D" and fix all it finds. Post a new log when finished.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {67A41205-EC44-3B97-D450-12550EF57E40} - C:\WINDOWS\System32\jobz.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\User\Application Data\n?x??n.exe
O4 - HKCU\..\Run: [Jjdmc] C:\WINDOWS\System32\w?wexec.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv68/x.chm::/load.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...edceabcca450006
__________________
An Australian Member of



Eddy
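Added example, not part of this thread and not anything Pancake or the HijackThis project wrote: a small Python triage script that applies the patterns visible in the list above (start page pointing at a bare IP address, BHOs with no name, an autostart entry whose file name contains unprintable characters, sites added to the Trusted Zone, and an O16 download that goes through the ms-its/mhtml handler) to HijackThis log lines. The sample lines are copied from the two logs in this thread; the rule set, function names and reason strings are my own assumptions, and a flag here means "look at this entry", not a verdict.

```python
import re
from typing import List, Tuple

# Constructed sample input: HijackThis lines copied from the logs posted in
# this thread. The first, third, fifth, seventh and eighth lines are entries
# Pancake told the poster to fix; the others are benign entries from the
# second log. The '?' characters in the O4 line are how the forum rendered
# the non-ASCII file name, so the rule treats '?' and non-ASCII the same way.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {67A41205-EC44-3B97-D450-12550EF57E40} - C:\WINDOWS\System32\jobz.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [Usrr] C:\Documents and Settings\User\Application Data\n?x??n.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://213.159.117.133/dl/adv68/x.chm::/load.exe
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
"""

# "O4 - <body>" / "R1 - <body>": every HijackThis entry starts this way.
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# A URL whose host is a bare dotted-quad rather than a host name.
RAW_IP_URL_RE = re.compile(r"https?://(?:\d{1,3}\.){3}\d{1,3}(?:[:/]|$)")
# Anything outside printable ASCII, or a '?', inside an autostart file name.
ODD_NAME_RE = re.compile(r"[^\x20-\x7e]|\?")


def parse_entry(line: str) -> Tuple[str, str]:
    """Split 'O4 - HKCU\\..\\Run: [x] y' into ('O4', 'HKCU\\..\\Run: [x] y')."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a HijackThis entry: {line!r}")
    return m.group("section"), m.group("body")


def reasons_for(line: str) -> List[str]:
    """Return the review reasons that apply to one entry (empty list = nothing to flag)."""
    section, body = parse_entry(line)
    reasons: List[str] = []
    if section in ("R0", "R1") and RAW_IP_URL_RE.search(body):
        reasons.append("browser start/search page points at a bare IP address")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO with no name")
    if section == "O4":
        target = body.split("] ", 1)[-1]  # the path after the [value name]
        if ODD_NAME_RE.search(target):
            reasons.append("autostart target has non-ASCII or unprintable characters in its name")
    if section == "O15":
        reasons.append("site added to the Trusted Zone (check it was added on purpose)")
    if section == "O16" and ("ms-its:" in body.lower() or "mhtml:" in body.lower()):
        reasons.append("ActiveX download goes through the ms-its/mhtml protocol handler")
    return reasons


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run every rule over a whole log and return only the entries that need a look."""
    flagged: List[Tuple[str, List[str]]] = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue  # header lines, 'Running processes' paths, blanks
        reasons = reasons_for(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run as-is it prints the five entries from the sample that match a rule, each with its reason; the ProxyOverride, Norton, ccApp, Mophun and emachines lines pass through unflagged. The O15 rule flags every Trusted Zone entry on purpose: a legitimately added site is easy for the machine's owner to recognise, while the six in the first log above are exactly the kind of thing a helper wants listed.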
Old 10-02-2004, 04:51 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2004
Posts: 2
OS: winXP


I did everything. Here's the new log:

Logfile of HijackThis v1.98.2
Scan saved at 5:44:03 AM, on 10/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [mswspl] C:\Program Files\Windows Media Player\wmplayer.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [YPC] C:\Program Files\Yahoo!\Parental Controls\YPC.EXE
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS\System32\systime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Broken Internet access because of LSP provider 'ypclsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {AE609930-A6EB-4A78-B7DA-B3200705FEBD} (Mophun Control) - http://www.mophun.com/codebase/mophun.cab
Old 10-02-2004, 07:31 AM   #4 (permalink)
Security Team (ret.)
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Ok, you can if you wish remove the three R1 items. Apart from that you are clean.
__________________
An Australian Member of



Eddy
Copyright 2001 - 2008, Tech Support Forum