HijackThis Log Help Needed bhavin92...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

bhavin92

Thread Starter
Joined
Oct 2, 2003
Messages
10
Hi, this is my HijackThis log...
Please suggest the changes.

Bye


Logfile of HijackThis v1.97.2
Scan saved at 4:42:02 PM, on 10/2/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\KeyProbe.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Easy File & Folder Protector\EFPAP.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msipcsv.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com
O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\ipinsigt.dll
O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\rem00001.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\bs2.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\IEHelper.dll
O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Key Probe] C:\WINDOWS\KeyProbe.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINDOWS\bs2.dll,DllRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EFPAP.exe] C:\Program Files\Easy File & Folder Protector\EFPAP.exe
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: Ebates (HKCU)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://216.65.38.226/Download_Plugin.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37640.8237037037
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6CE4236-6A92-4A9B-98F5-2CCDA174622D}: NameServer = 203.94.227.70 203.94.243.70
 
Joined
Jul 24, 2003
Messages
420
Close all browser windows, scan with Hijack This, put a check in the following entries and hit "Fix Checked":

O1 - Hosts: 66.159.18.17 www.greatfreehost.com
O1 - Hosts: 66.159.18.17 greatfreehost.com
O1 - Hosts: 66.159.18.17 www.hotfreehost.com
O1 - Hosts: 66.159.18.17 hotfreehost.com
O1 - Hosts: 66.159.18.17 www.agreathost.net
O1 - Hosts: 66.159.18.17 agreathost.net
O1 - Hosts: 66.159.18.17 www32.smutserver.com
O1 - Hosts: 66.159.18.17 www31.smutserver.com
O1 - Hosts: 66.159.18.17 www30.smutserver.com
O1 - Hosts: 66.159.18.17 www29.smutserver.com
O1 - Hosts: 66.159.18.17 www28.smutserver.com
O1 - Hosts: 66.159.18.17 www27.smutserver.com
O1 - Hosts: 66.159.18.17 www26.smutserver.com
O1 - Hosts: 66.159.18.17 www25.smutserver.com
O1 - Hosts: 66.159.18.17 www24.smutserver.com
O1 - Hosts: 66.159.18.17 www23.smutserver.com
O1 - Hosts: 66.159.18.17 www22.smutserver.com
O1 - Hosts: 66.159.18.17 www21.smutserver.com
O1 - Hosts: 66.159.18.17 www20.smutserver.com
O1 - Hosts: 66.159.18.17 www19.smutserver.com
O1 - Hosts: 66.159.18.17 www15.smutserver.com
O1 - Hosts: 66.159.18.17 www18.smutserver.com
O1 - Hosts: 66.159.18.17 www17.smutserver.com
O1 - Hosts: 66.159.18.17 www14.smutserver.com
O1 - Hosts: 66.159.18.17 www9.smutserver.com
O1 - Hosts: 66.159.18.17 www13.smutserver.com
O1 - Hosts: 66.159.18.17 www12.smutserver.com
O1 - Hosts: 66.159.18.17 www11.smutserver.com
O1 - Hosts: 66.159.18.17 www10.smutserver.com
O1 - Hosts: 66.159.18.17 www8.smutserver.com
O1 - Hosts: 66.159.18.17 www7.smutserver.com
O1 - Hosts: 66.159.18.17 www6.smutserver.com
O1 - Hosts: 66.159.18.17 www5.smutserver.com
O1 - Hosts: 66.159.18.17 www4.smutserver.com
O1 - Hosts: 66.159.18.17 www3.smutserver.com
O1 - Hosts: 66.159.18.17 www16.smutserver.com
O1 - Hosts: 66.159.18.17 www2.smutserver.com
O1 - Hosts: 66.159.18.17 smutserver.com
O1 - Hosts: 66.159.18.17 www1.smutserver.com
O1 - Hosts: 66.159.18.17 www10.kinghost.com
O1 - Hosts: 66.159.18.17 www.smutserver.com
O1 - Hosts: 66.159.18.17 www9.kinghost.com
O1 - Hosts: 66.159.18.17 www7.kinghost.com
O1 - Hosts: 66.159.18.17 www8.kinghost.com
O1 - Hosts: 66.159.18.17 www6.kinghost.com
O1 - Hosts: 66.159.18.17 www5.kinghost.com
O1 - Hosts: 66.159.18.17 www4.kinghost.com
O1 - Hosts: 66.159.18.17 www.kinghost.com
O1 - Hosts: 66.159.18.17 www3.kinghost.com
O1 - Hosts: 66.159.18.17 www2.kinghost.com
O1 - Hosts: 66.159.18.17 www1.kinghost.com
O1 - Hosts: 66.159.18.17 kinghost.com
O1 - Hosts: 66.159.18.17 www.ndhosting.com
O1 - Hosts: 66.159.18.17 www2.ndhosting.com
O1 - Hosts: 66.159.18.17 www3.ndhosting.com
O1 - Hosts: 66.159.18.17 www1.ndhosting.com
O1 - Hosts: 66.159.18.17 ndhosting.com
O1 - Hosts: 66.159.18.17 www.freesmutpages.com
O1 - Hosts: 66.159.18.17 apornhost.com
O1 - Hosts: 66.159.18.17 nasty-pages.com
O1 - Hosts: 66.159.18.17 www.nasty-pages.com
O1 - Hosts: 66.159.18.17 sexyfreehost.com
O1 - Hosts: 66.159.18.17 www.apornhost.com
O1 - Hosts: 66.159.18.17 www.sexyfreehost.com
O1 - Hosts: 66.159.18.17 x4web.com
O1 - Hosts: 66.159.18.17 www.x4web.com
O1 - Hosts: 66.159.18.17 sexplanets.com
O1 - Hosts: 66.159.18.17 www.sexplanets.com
O1 - Hosts: 66.159.18.17 maxismut.com
O1 - Hosts: 66.159.18.17 www.maxismut.com
O1 - Hosts: 66.159.18.17 tgpfriendly.com
O1 - Hosts: 66.159.18.17 www.tgpfriendly.com
O1 - Hosts: 66.159.18.17 tgp-server.com
O1 - Hosts: 66.159.18.17 www.tgp-server.com
O1 - Hosts: 66.159.18.17 magnaplza.com
O1 - Hosts: 66.159.18.17 free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.free-xxx-server.com
O1 - Hosts: 66.159.18.17 www.magnaplza.com
O1 - Hosts: 66.159.18.17 libereco.net
O1 - Hosts: 66.159.18.17 0190-dialer.com
O1 - Hosts: 66.159.18.17 www.0190-dialer.com
O1 - Hosts: 66.159.18.17 www.libereco.net
O1 - Hosts: 66.159.18.17 xxxod.net
O1 - Hosts: 66.159.18.17 altsights.com
O1 - Hosts: 66.159.18.17 www.altsights.com
O1 - Hosts: 66.159.18.17 www.xxxod.net
O1 - Hosts: 66.159.18.17 adulthosting.com
O1 - Hosts: 66.159.18.17 www.adulthosting.com
O1 - Hosts: 66.159.18.17 superhova.com
O1 - Hosts: 66.159.18.17 bestpornhost.com
O1 - Hosts: 66.159.18.17 www.superhova.com
O1 - Hosts: 66.159.18.17 www.bestpornhost.com
O1 - Hosts: 66.159.18.17 hostingfree.com
O1 - Hosts: 66.159.18.17 www.hostingfree.com
O1 - Hosts: 66.159.18.17 xfreehosting.com
O1 - Hosts: 66.159.18.17 www.xfreehosting.com
O1 - Hosts: 66.159.18.17 blinghosting.com
O1 - Hosts: 66.159.18.17 www.blinghosting.com
O1 - Hosts: 66.159.18.17 x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 www.x-x-x-hosting.com
O1 - Hosts: 66.159.18.17 pornparks.com

O2 - BHO: (no name) - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINDOWS\ipinsigt.dll

O2 - BHO: (no name) - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSView.DLL

O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINDOWS\rem00001.dll

O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll

O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\bs2.dll

O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\IEHelper.dll

O2 - BHO: (no name) - {EBBFE27C-BDF0-11D2-BBE5-00609419F467} - C:\WINDOWS\System32\amcis2.dll

O4 - HKLM\..\Run: [Key Probe] C:\WINDOWS\KeyProbe.exe

O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINDOWS\bs2.dll,DllRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe

O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm

O9 - Extra button: Ebates (HKCU)

O16 - DPF: {F0230524-9D39-4E84-8452-41C592961EA7} (Installer Class) - http://www.tradeexit.com/Config.cab


Reboot your computer in Safe Mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

Navigate to and Delete the following

C:\WINDOWS\KeyProbe.exe > File
C:\WINDOWS\System32\msipcsv.exe > File
C:\Program Files\EbatesMoeMoneyMaker > Folder

Download and install Spybot Search & Destroy (www.security.kolla.de). Open Spybot Search & Destroy, click Online, Search for updates, download all available updates, log offline, close all browser windows (check your taskbar for minimized windows as well), run Spybot Search & Destroy, put a check in every entry Spybot Search & Destroy returns, and click Fix problems. Shut down and reboot your computer.

Consider installing SpywareBlaster v2.6.1 and SpywareGuard v2.2 for the prevention of both spyware ActiveX installation and running, and browser hijacking protection in real time: http://www.wilderssecurity.net/index.html

When you're finished Rescan Hijack This and post a new log for a follow-up review

Good luck
 

bhavin92

Thread Starter
Joined
Oct 2, 2003
Messages
10
Hi......BlueSpruce


Logfile of HijackThis v1.97.2
Scan saved at 6:43:39 PM, on 10/2/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\KeyProbe.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Easy File & Folder Protector\EFPAP.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.95-big.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.95-big.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Key Probe] C:\WINDOWS\KeyProbe.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EFPAP.exe] C:\Program Files\Easy File & Folder Protector\EFPAP.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37640.8237037037
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

bhavin92

Thread Starter
Joined
Oct 2, 2003
Messages
10
Hey, about that KeyProbe entry... I only installed it myself, so I guess that should not create a problem.
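
One way to carry out the follow-up review this thread asks for, as an added example that is not part of the original posts: it parses HijackThis findings, tolerates the hard-wrapped lines seen in the second log, and reports which flagged entries are still present. The function names are hypothetical, and the two sample logs are short excerpts constructed from the logs in this thread.

```python
import re

# Section codes HijackThis puts in front of every finding, e.g. "O4 - ..." or "R0 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the log's findings as (section, text) tuples.

    Forum software may hard-wrap long lines, so once the findings start, a
    non-blank line without a section code is treated as a continuation of
    the previous finding. Header and "Running processes" lines are skipped.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += " " + line
    return [(section, text) for section, text in entries]


def entry_key(section, text):
    # A wrap can fall mid-token ("cmsearch.h" / "tml"), so entries are
    # compared with all whitespace removed and case folded.
    return section + "|" + re.sub(r"\s+", "", text).lower()


def review_followup(flagged_text, followup_text):
    """Split the flagged findings into (fixed, still_present) lists."""
    remaining = {entry_key(s, t) for s, t in parse_entries(followup_text)}
    fixed, still_present = [], []
    for s, t in parse_entries(flagged_text):
        bucket = still_present if entry_key(s, t) in remaining else fixed
        bucket.append(f"{s} - {t}")
    return fixed, still_present


# Constructed excerpt: four of the entries flagged in the reply above.
FLAGGED = r"""
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINDOWS\bs2.dll
O4 - HKLM\..\Run: [Key Probe] C:\WINDOWS\KeyProbe.exe
O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINDOWS\bs2.dll,DllRun
O4 - HKCU\..\Run: [winpopup] C:\WINDOWS\winupie.exe
"""

# Constructed excerpt of the follow-up log, keeping its hard-wrapped lines.
FOLLOWUP = r"""
Logfile of HijackThis v1.97.2
Running processes:
C:\WINDOWS\KeyProbe.exe

O4 - HKLM\..\Run: [NAV Agent]

C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Key Probe] C:\WINDOWS\KeyProbe.exe
O8 - Extra context menu item: &Google Search -

res://c:\windows\GoogleToolbar_en_2.0.95-big.dll/cmsearch.h

tml
"""

if __name__ == "__main__":
    fixed, still_present = review_followup(FLAGGED, FOLLOWUP)
    print("fixed:", *fixed, sep="\n  ")
    print("still present:", *still_present, sep="\n  ")
```
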
 