1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HiJackThis Log

Discussion in 'Virus & Other Malware Removal' started by Katt, Sep 11, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Katt

    Katt Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    24
    I think I put it in the wrong place before so I'm reposting it here.

    Logfile of HijackThis v1.97.1
    Scan saved at 10:45:50 PM, on 11/09/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\sistray.EXE
    C:\WINNT\System32\khooker.exe
    C:\WINNT\system32\pctspk.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\Program Files\Srng\Srng.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\COURTE~1\LOCALS~1\Temp\Rar$EX00.076\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=106745
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.shopnav.com/apps/epa/epa?cid=shnv9886&s=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shopnav.com/search/9886/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.katt.au.tt/
    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O1 - Hosts: 66.159.20.80 hostingfree.com
    O1 - Hosts: 66.159.20.80 www.hostingfree.com
    O1 - Hosts: 66.159.20.80 xfreehosting.com
    O1 - Hosts: 66.159.20.80 www.xfreehosting.com
    O1 - Hosts: 66.159.20.80 blinghosting.com
    O1 - Hosts: 66.159.20.80 www.blinghosting.com
    O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 pornparks.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
    O2 - BHO: (no name) - {2B3452C5-1B9A-440F-A203-F6ED0F64C895} - C:\WINNT\rem00001.dll
    O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - C:\WINNT\bs2.dll
    O2 - BHO: (no name) - {A096A159-4E58-45A9-8EE6-B11466851181} - C:\WINNT\msiebho.dll
    O2 - BHO: (no name) - {B675B75C-D869-42CE-9CF9-804AC534E7D0} - C:\WINNT\system32\msieuftp.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {9C3D72D8-119A-4253-B052-52ECFB357B1B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [srng] \Program Files\Srng\Srng.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BookedSpace] RunDLL32.EXE C:\WINNT\bs2.dll,DllRun
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\RunOnce: [eZstub] C:\WINNT\system32\eZstub.exe /Uninstall2 C:\Program Files\eZula
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37846.1699305556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF51C732-E6BE-4F0B-9C9D-08EFF8DF3D7F}: NameServer = 139.134.5.51 139.134.2.190
     
  2. putasolution

    putasolution

    Joined:
    Mar 20, 2003
    Messages:
    4,823
    And I 'll repost my advice ;)

    Start off by downloading Spybot

    Once installed, start it,
    Click Updates | Search for Updates
    and if necessary Download Updates

    Now Click Search and destroy
    Click Check for Problems

    It may take a bit of time to do the scan, but when done, put a check mark against the red and green labelled items and click Fix Selected Problems

    Once done, repost a new Hijack this log :)
     
  3. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,330
    And I'll add a second opinion:

    Before posting another log please do the following.

    Go here http://www.lavasoftusa.com/software/adaware/ and download Adaware 6

    Install the program and launch it.

    I strongly recommend that you read the help file to familiarize yourself with the program.

    Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
    The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot" then click "Proceed"

    Next in the main window look in the bottom right corner and click on "Check for updates now" and get the latest referencefiles.
    After getting the latest referencefiles you are ready to scan.

    Click "Start" and in the next window make sure "Active in depth scanning" is checked then click "Next" and the scan will begin.

    When it is finished let it fix everything it finds.

    Restart your computer.

    If you run both Spybot and Adaware before posting another log most of the baddies should be gone. However there will likely be some left for removal with HJT.
     
  4. Katt

    Katt Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    24
    Thankyou so much for your help so far!

    This is the log after running both Spybot: Search and Destroy and Adaware6

    Logfile of HijackThis v1.97.1
    Scan saved at 11:40:23 PM, on 11/09/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\sistray.EXE
    C:\WINNT\System32\khooker.exe
    C:\WINNT\system32\pctspk.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINNT\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\COURTE~1\LOCALS~1\Temp\Rar$EX00.973\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.katt.au.tt/
    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O1 - Hosts: 66.159.20.80 hostingfree.com
    O1 - Hosts: 66.159.20.80 www.hostingfree.com
    O1 - Hosts: 66.159.20.80 xfreehosting.com
    O1 - Hosts: 66.159.20.80 www.xfreehosting.com
    O1 - Hosts: 66.159.20.80 blinghosting.com
    O1 - Hosts: 66.159.20.80 www.blinghosting.com
    O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 pornparks.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {B675B75C-D869-42CE-9CF9-804AC534E7D0} - C:\WINNT\system32\msieuftp.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {9C3D72D8-119A-4253-B052-52ECFB357B1B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37846.1699305556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,330
    Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: 66.159.20.80 www1.ndhosting.com
    O1 - Hosts: 66.159.20.80 www3.ndhosting.com
    O1 - Hosts: 66.159.20.80 www2.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.ndhosting.com
    O1 - Hosts: 66.159.20.80 www.kinghost.com
    O1 - Hosts: 66.159.20.80 kinghost.com
    O1 - Hosts: 66.159.20.80 www1.kinghost.com
    O1 - Hosts: 66.159.20.80 www2.kinghost.com
    O1 - Hosts: 66.159.20.80 www3.kinghost.com
    O1 - Hosts: 66.159.20.80 www4.kinghost.com
    O1 - Hosts: 66.159.20.80 www5.kinghost.com
    O1 - Hosts: 66.159.20.80 www6.kinghost.com
    O1 - Hosts: 66.159.20.80 www7.kinghost.com
    O1 - Hosts: 66.159.20.80 www8.kinghost.com
    O1 - Hosts: 66.159.20.80 www9.kinghost.com
    O1 - Hosts: 66.159.20.80 www10.kinghost.com
    O1 - Hosts: 66.159.20.80 www.smutserver.com
    O1 - Hosts: 66.159.20.80 smutserver.com
    O1 - Hosts: 66.159.20.80 www1.smutserver.com
    O1 - Hosts: 66.159.20.80 www2.smutserver.com
    O1 - Hosts: 66.159.20.80 www16.smutserver.com
    O1 - Hosts: 66.159.20.80 www3.smutserver.com
    O1 - Hosts: 66.159.20.80 www4.smutserver.com
    O1 - Hosts: 66.159.20.80 www5.smutserver.com
    O1 - Hosts: 66.159.20.80 www6.smutserver.com
    O1 - Hosts: 66.159.20.80 www7.smutserver.com
    O1 - Hosts: 66.159.20.80 www8.smutserver.com
    O1 - Hosts: 66.159.20.80 www9.smutserver.com
    O1 - Hosts: 66.159.20.80 www10.smutserver.com
    O1 - Hosts: 66.159.20.80 www11.smutserver.com
    O1 - Hosts: 66.159.20.80 www12.smutserver.com
    O1 - Hosts: 66.159.20.80 www13.smutserver.com
    O1 - Hosts: 66.159.20.80 www14.smutserver.com
    O1 - Hosts: 66.159.20.80 www15.smutserver.com
    O1 - Hosts: 66.159.20.80 www17.smutserver.com
    O1 - Hosts: 66.159.20.80 www18.smutserver.com
    O1 - Hosts: 66.159.20.80 www19.smutserver.com
    O1 - Hosts: 66.159.20.80 www20.smutserver.com
    O1 - Hosts: 66.159.20.80 www21.smutserver.com
    O1 - Hosts: 66.159.20.80 www22.smutserver.com
    O1 - Hosts: 66.159.20.80 www23.smutserver.com
    O1 - Hosts: 66.159.20.80 www24.smutserver.com
    O1 - Hosts: 66.159.20.80 www25.smutserver.com
    O1 - Hosts: 66.159.20.80 www26.smutserver.com
    O1 - Hosts: 66.159.20.80 www27.smutserver.com
    O1 - Hosts: 66.159.20.80 www28.smutserver.com
    O1 - Hosts: 66.159.20.80 www29.smutserver.com
    O1 - Hosts: 66.159.20.80 www30.smutserver.com
    O1 - Hosts: 66.159.20.80 www31.smutserver.com
    O1 - Hosts: 66.159.20.80 www32.smutserver.com
    O1 - Hosts: 66.159.20.80 agreathost.net
    O1 - Hosts: 66.159.20.80 www.agreathost.net
    O1 - Hosts: 66.159.20.80 hotfreehost.com
    O1 - Hosts: 66.159.20.80 www.hotfreehost.com
    O1 - Hosts: 66.159.20.80 greatfreehost.com
    O1 - Hosts: 66.159.20.80 www.greatfreehost.com
    O1 - Hosts: 66.159.20.80 freesmutpages.com
    O1 - Hosts: 66.159.20.80 www.freesmutpages.com
    O1 - Hosts: 66.159.20.80 apornhost.com
    O1 - Hosts: 66.159.20.80 www.apornhost.com
    O1 - Hosts: 66.159.20.80 nasty-pages.com
    O1 - Hosts: 66.159.20.80 www.nasty-pages.com
    O1 - Hosts: 66.159.20.80 sexyfreehost.com
    O1 - Hosts: 66.159.20.80 www.sexyfreehost.com
    O1 - Hosts: 66.159.20.80 x4web.com
    O1 - Hosts: 66.159.20.80 www.x4web.com
    O1 - Hosts: 66.159.20.80 sexplanets.com
    O1 - Hosts: 66.159.20.80 www.sexplanets.com
    O1 - Hosts: 66.159.20.80 maxismut.com
    O1 - Hosts: 66.159.20.80 www.maxismut.com
    O1 - Hosts: 66.159.20.80 tgpfriendly.com
    O1 - Hosts: 66.159.20.80 www.tgpfriendly.com
    O1 - Hosts: 66.159.20.80 tgp-server.com
    O1 - Hosts: 66.159.20.80 www.tgp-server.com
    O1 - Hosts: 66.159.20.80 magnaplza.com
    O1 - Hosts: 66.159.20.80 www.magnaplza.com
    O1 - Hosts: 66.159.20.80 free-xxx-server.com
    O1 - Hosts: 66.159.20.80 www.free-xxx-server.com
    O1 - Hosts: 66.159.20.80 libereco.net
    O1 - Hosts: 66.159.20.80 www.libereco.net
    O1 - Hosts: 66.159.20.80 0190-dialer.com
    O1 - Hosts: 66.159.20.80 www.0190-dialer.com
    O1 - Hosts: 66.159.20.80 xxxod.net
    O1 - Hosts: 66.159.20.80 www.xxxod.net
    O1 - Hosts: 66.159.20.80 altsights.com
    O1 - Hosts: 66.159.20.80 www.altsights.com
    O1 - Hosts: 66.159.20.80 adulthosting.com
    O1 - Hosts: 66.159.20.80 www.adulthosting.com
    O1 - Hosts: 66.159.20.80 superhova.com
    O1 - Hosts: 66.159.20.80 www.superhova.com
    O1 - Hosts: 66.159.20.80 bestpornhost.com
    O1 - Hosts: 66.159.20.80 www.bestpornhost.com
    O1 - Hosts: 66.159.20.80 hostingfree.com
    O1 - Hosts: 66.159.20.80 www.hostingfree.com
    O1 - Hosts: 66.159.20.80 xfreehosting.com
    O1 - Hosts: 66.159.20.80 www.xfreehosting.com
    O1 - Hosts: 66.159.20.80 blinghosting.com
    O1 - Hosts: 66.159.20.80 www.blinghosting.com
    O1 - Hosts: 66.159.20.80 x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 www.x-x-x-hosting.com
    O1 - Hosts: 66.159.20.80 pornparks.com

    O2 - BHO: (no name) - {B675B75C-D869-42CE-9CF9-804AC534E7D0} - C:\WINNT\system32\msieuftp.dll

    Restart your computer.

    Be sure and take advantage of the "Immunize" feature in Spybot.

    Finally go here http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?;act=ST;f=38;t=3051 for info on how this happens and how to help prevent future attacks.
    On this page you will find a link to Javacool's SpywareBlaster. Get it and check for updates frequently.
    The Immunize feature in Spybot used in conjunction with SpywareBlaster and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

    Important!: ALWAYS check for updated detections and referencefiles before scanning with Spybot and Adaware. And be sure to check for updates to SpywareBlaster on a weekly basis.
     
  6. Katt

    Katt Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    24
    I've done what you've suggested and also what the web-site you linked suggested. I can't thank you enough.

    This is the log as it stands now:

    Logfile of HijackThis v1.97.1
    Scan saved at 12:20:00 AM, on 12/09/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\sistray.EXE
    C:\WINNT\System32\khooker.exe
    C:\WINNT\system32\pctspk.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\COURTE~1\LOCALS~1\Temp\Rar$EX00.973\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.katt.au.tt/
    O1 - Hosts: 66.159.18.75 www.astalavista.com
    O1 - Hosts: 66.159.18.75 astalavista.com
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {B675B75C-D869-42CE-9CF9-804AC534E7D0} - C:\WINNT\system32\msieuftp.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {9C3D72D8-119A-4253-B052-52ECFB357B1B} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37846.1699305556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF51C732-E6BE-4F0B-9C9D-08EFF8DF3D7F}: NameServer = 139.134.5.51 139.134.2.190
     
  7. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,330
    There are a few left to fix.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O1 - Hosts: 66.159.18.75 www.astalavista.com
    O1 - Hosts: 66.159.18.75 astalavista.com

    O2 - BHO: (no name) - {B675B75C-D869-42CE-9CF9-804AC534E7D0} - C:\WINNT\system32\msieuftp.dll
     
  8. Katt

    Katt Thread Starter

    Joined:
    Aug 13, 2003
    Messages:
    24
    Why did astalavista suddenly pop up? I haven't visited their site at all.

    Log as it stands now:

    Logfile of HijackThis v1.97.1
    Scan saved at 12:40:54 AM, on 12/09/2003
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\sistray.EXE
    C:\WINNT\System32\khooker.exe
    C:\WINNT\system32\pctspk.exe
    C:\Program Files\PCI Audio Applications\Mixer.exe
    C:\Program Files\Messenger Plus! 2\MsgPlus.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\DOCUME~1\COURTE~1\LOCALS~1\Temp\Rar$EX00.973\HijackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SiS Tray] C:\WINNT\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\System32\khooker.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Mixer.exe /startup
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: ICQ Pro (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37846.1699305556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FF51C732-E6BE-4F0B-9C9D-08EFF8DF3D7F}: NameServer = 139.134.5.51 139.134.2.190
     
  9. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,330
    That log looks good.

    Notice all those 01 entries had the same IP. They were all hijacks of your host files to redirect you to porn sites.
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/163975

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice