CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 940
Comments: 25
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

winfavorites...HELP

 
Post new topic   Reply to topic       All -> FavForums -> Trend Micro HijackThis Logs [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
cstump23606

Cadet
Cadet


Joined: Dec 01, 2003
Posts: 3
Location: USA
PostPosted: Thu Dec 04, 2003 4:20 am    Post subject: winfavorites...HELP
Reply with quote

i already deleted new.net and ran ad-aware...here is my most recent HJT.
Logfile of HijackThis v1.97.7
Scan saved at 11:31:06 PM, on 12/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\Save\Save.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\keipzgmu.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\System32\zzcuup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Hotbar\bin\4.3.6.0\HbSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carly (She Dog) Stum\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server224.smartbotpro.net/7search/?002
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?c001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server224.smartbotpro.net/7search/?003
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
R3 - Default URLSearchHook is missing
O1 - Hosts: 211.162.108.123 www.123buyviagra.com
O1 - Hosts: 211.162.108.123 www.1-2-3-buy-viagra.com
O1 - Hosts: 211.162.108.123 www.2-buy-cheap-viagra.com
O1 - Hosts: 211.162.108.123 www.2-buy-viagra-cheap-online.com
O1 - Hosts: 211.162.108.123 www.a1b2c3.com
O1 - Hosts: 211.162.108.123 www.agingwithsuccess.com
O1 - Hosts: 211.162.108.123 www.all-viagra.com
O1 - Hosts: 211.162.108.123 www.amazingpills.net
O1 - Hosts: 211.162.108.123 www.americanpharmacy.com
O1 - Hosts: 211.162.108.123 www.a-zonlinedrugs.com
O1 - Hosts: 211.162.108.123 www.bluecommunity.net
O1 - Hosts: 211.162.108.123 www.buycheappills.net
O1 - Hosts: 211.162.108.123 www.buy-cheap-rx.com
O1 - Hosts: 211.162.108.123 www.buy-generic-viagra.com
O1 - Hosts: 211.162.108.123 www.buy-generic-viagra-sildenafil-citrate.com
O1 - Hosts: 211.162.108.123 www.buy-low-cost-viagra.com
O1 - Hosts: 211.162.108.123 www.buy-order-viagra.com
O1 - Hosts: 211.162.108.123 www.buy--viagra.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-4less.com
O1 - Hosts: 211.162.108.123 www.buyviagra-direct.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-free-prescriptions.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-here.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-internet.net
O1 - Hosts: 211.162.108.123 www.buy-viagra-now.net
O1 - Hosts: 211.162.108.123 www.buy-viagra-now.tripod.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-online-cheap.net
O1 - Hosts: 211.162.108.123 www.buyviagraonlineforless.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-online-sales.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-usa-prescription.com
O1 - Hosts: 211.162.108.123 www.buy-viagra-viagara-online.com
O1 - Hosts: 211.162.108.123 www.buyviagra-viagra.com
O1 - Hosts: 211.162.108.123 www.canadaexpressrx.com
O1 - Hosts: 211.162.108.123 www.cheap-viagra-4u.com
O1 - Hosts: 211.162.108.123 www.cheap-viagra-pharmacy.com
O1 - Hosts: 211.162.108.123 www.click-viagra.com
O1 - Hosts: 211.162.108.123 www.cyberpillsnetwork.com
O1 - Hosts: 211.162.108.123 www.discount-viagra-cheap.com
O1 - Hosts: 211.162.108.123 www.doctorviagra.net
O1 - Hosts: 211.162.108.123 www.drugstore.com
O1 - Hosts: 211.162.108.123 www.ed-pharmacy.com
O1 - Hosts: 211.162.108.123 www.ed-pills.com
O1 - Hosts: 211.162.108.123 www.e-order-viagra.com
O1 - Hosts: 211.162.108.123 www.epillz.com
O1 - Hosts: 211.162.108.123 www.find-viagra.com
O1 - Hosts: 211.162.108.123 www.free-viagra-sample.com
O1 - Hosts: 211.162.108.123 www.genericviagra.info
O1 - Hosts: 211.162.108.123 www.generic-viagra.ws
O1 - Hosts: 211.162.108.123 www.genuine-pfizer-viagra.com
O1 - Hosts: 211.162.108.123 www.global-viagra.com
O1 - Hosts: 211.162.108.123 www.horizondrugs.com
O1 - Hosts: 211.162.108.123 www.howtogetviagra.com
O1 - Hosts: 211.162.108.123 www.lmtc.net
O1 - Hosts: 211.162.108.123 www.lowpricepills.com
O1 - Hosts: 211.162.108.123 www.mailorderviagra.net
O1 - Hosts: 211.162.108.123 www.menscripts.com
O1 - Hosts: 211.162.108.123 www.mixpills.com
O1 - Hosts: 211.162.108.123 www.moodmaniac.com
O1 - Hosts: 211.162.108.123 www.myclinics.com
O1 - Hosts: 211.162.108.123 www.myviagrasupplier.com
O1 - Hosts: 211.162.108.123 www.overnightprescription.com
O1 - Hosts: 211.162.108.123 www.pharmaviagra.com
O1 - Hosts: 211.162.108.123 www.pillcraze.com
O1 - Hosts: 211.162.108.123 www.pilldealfinder.com
O1 - Hosts: 211.162.108.123 www.pillrange.com
O1 - Hosts: 211.162.108.123 www.pilltip.com
O1 - Hosts: 211.162.108.123 www.pillwatch.com
O1 - Hosts: 211.162.108.123 www.planetarymed.com
O1 - Hosts: 211.162.108.123 www.platinum-rx.com
O1 - Hosts: 211.162.108.123 www.romance-tips.com
O1 - Hosts: 211.162.108.123 www.shoprxonline.com
O1 - Hosts: 211.162.108.123 www.starpills.com
O1 - Hosts: 211.162.108.123 www.top-10-viagra-pharmacies-online.com
O1 - Hosts: 211.162.108.123 www.top-pharmacy-guide.com
O1 - Hosts: 211.162.108.123 www.usapills.net
O1 - Hosts: 211.162.108.123 www.viagrabuyonline.net
O1 - Hosts: 211.162.108.123 www.viagra-online--now.com
O1 - Hosts: 211.162.108.123 www.viagraonlinepharmacy.com
O1 - Hosts: 211.162.108.123 www.viagraprice.net
O1 - Hosts: 211.162.108.123 www.viagra-price-guide.com
O1 - Hosts: 211.162.108.123 www.viagraprices.net
O1 - Hosts: 211.162.108.123 www.viagra-qs.com
O1 - Hosts: 211.162.108.123 www.viagrastories.com
O1 - Hosts: 211.162.108.123 www.v-viagra.com
O1 - Hosts: 211.162.108.123 www.1000med.com
O1 - Hosts: 211.162.108.123 www.123pill.com
O1 - Hosts: 211.162.108.123 www.123prescriptionpills.com
O1 - Hosts: 211.162.108.123 www.1soma.com
O1 - Hosts: 211.162.108.123 www.24-7online-pharmacy.com
O1 - Hosts: 211.162.108.123 www.247-pharmacy.com
O1 - Hosts: 211.162.108.123 www.24hourpill.com
O1 - Hosts: 211.162.108.123 www.abcweightloss.net
O1 - Hosts: 211.162.108.123 www.alfadrugs.com
O1 - Hosts: 211.162.108.123 www.alfaus.com
O1 - Hosts: 211.162.108.123 www.ashevillelist.com
O1 - Hosts: 211.162.108.123 www.bestprescription.com
O1 - Hosts: 211.162.108.123 www.buy.affordable-prescriptions.com
O1 - Hosts: 211.162.108.123 www.buyambienonline.com
O1 - Hosts: 211.162.108.123 www.buy-carisoprodol.com
O1 - Hosts: 211.162.108.123 www.buy-drugs-without-prescription.com
O1 - Hosts: 211.162.108.123 www.buy-flexeril-00.biz
O1 - Hosts: 211.162.108.123 www.buy-flexeril-i-a.biz
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5EEDEF3E-896B-B50C-BCDA-5FDDB764A601} - C:\WINDOWS\system32\vffopsmx.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DA8DC68E-25C7-A141-9140-DB3D0C26D5EF} - C:\WINDOWS\system32\vyuiuuch.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KaZaA Media Desktop] C:\Program Files\KaZaA\kazaa.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [llfngjwa] C:\WINDOWS\keipzgmu.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\zzcuup.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Carly (She Dog) Stum\Application Data\DownloadPlus.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE73E9F8-F98D-4333-AB75-A5F05CD6B00A}: NameServer = 137.155.12.210,137.155.12.216
Back to top
View users profile Send private message
cstump23606

Cadet
Cadet


Joined: Dec 01, 2003
Posts: 3
Location: USA
PostPosted: Thu Dec 04, 2003 4:35 am    Post subject: nevermind heres the MOST recent HJT
Reply with quote

Logfile of HijackThis v1.97.7
Scan saved at 11:46:29 PM, on 12/3/2003
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\DownloadWare\dw.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\Save\Save.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\keipzgmu.exe
C:\Program Files\syslaunch.exe
C:\WINDOWS\System32\zzcuup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Hotbar\bin\4.3.6.0\HbSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Screen Scapes Task.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Carly (She Dog) Stum\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dev.ntcor.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server224.smartbotpro.net/7search/?002
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?c001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server224.smartbotpro.net/7search/?003
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dev.ntcor.com/search.html
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5EEDEF3E-896B-B50C-BCDA-5FDDB764A601} - C:\WINDOWS\system32\vffopsmx.dll
O2 - BHO: (no name) - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DA8DC68E-25C7-A141-9140-DB3D0C26D5EF} - C:\WINDOWS\system32\vyuiuuch.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: IE Search Bar - {71ED4FBA-4024-4bbe-91DC-9704C93F453E} - c:\progra~1\iesearchbar\iesearchbar.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [KaZaA Media Desktop] C:\Program Files\KaZaA\kazaa.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [llfngjwa] C:\WINDOWS\keipzgmu.exe
O4 - HKLM\..\Run: [iehelper] C:\Program Files\syslaunch.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [nvid] C:\WINDOWS\System32\zzcuup.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [WhenUSearch] C:\Program Files\WhenUSearch\Search.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Carly (She Dog) Stum\Application Data\DownloadPlus.exe
O4 - Startup: Screen Scapes Task.lnk = C:\WINDOWS\Screen Scapes Task.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE73E9F8-F98D-4333-AB75-A5F05CD6B00A}: NameServer = 137.155.12.210,137.155.12.216
Back to top
View users profile Send private message
tb525

Lieutenant
Lieutenant


Joined: Dec 03, 2003
Posts: 188
Location: USA
PostPosted: Thu Dec 04, 2003 9:31 am    Post subject:
Reply with quote

First, Would you please go here and run an online virus scan and copy the report and paste it in a reply.

http://www.ravantivirus.com/scan/
Back to top
View users profile Send private message
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13113
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Thu Dec 04, 2003 4:13 pm    Post subject:
Reply with quote

I have a question about that "IE Search Bar" you have installed. Did you install it wittingly, or did it somehow "materialize" one day?


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Trend Micro HijackThis Logs All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
189ppm 0.399s (0.107s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer