| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 56136 | 2005-03-28 07:57:00 | Speedy Hijack | Cicero (40) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 338768 | 2005-03-28 07:57:00 | Thank you Speed.... Logfile of HijackThis v1.98.2 Scan saved at 5:52:30 p.m., on 28/03/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINDOWS\System32\CTSVCCDA.EXE C:\Program Files\Roxio\GoBack\GBPoll.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Ad Muncher\AdMunch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Internet Explorer\iexplore.exe C:\unzipped\hijackthis[1]\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = red.clientapps.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.xtra.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = red.clientapps.yahoo.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\ycomp5_5_7_0. dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.114-big.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.114-big.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\ Yahoo! \Companion\Installs\cpn1\ycomp5_5_7_0. dll O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.114-big.dll/cmsearch.html O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar_en_2.0.114-big.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.114-big.dll/cmcache.html O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2004\\Wizard.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar_en_2.0.114-big.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar_en_2.0.114-big.dll/cmtrans.html O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll O14 - IERESET.INF: START_PAGE_URL=http://www.xtra.co.nz O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - toolbar.google.com O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - us.dl1.yimg.com O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} ( Yahoo! Companion) - us.dl1.yimg.com O17 - HKLM\System\CCS\Services\Tcpip\..\{90380661-B1A8-4C5B-A3F4-03AF5F5C14E9}: NameServer = 202.27.184.3 202.27.184.5 |
Cicero (40) | ||
| 338769 | 2005-03-28 08:17:00 | Looks good to me Cicero .. Doesnt look like anything nasty there ... | Speedy Gonzales (78) | ||
| 338770 | 2005-03-28 08:29:00 | wheres firefox? :p | Prescott (11) | ||
| 338771 | 2005-03-28 08:31:00 | These need fixing, looks like an incomplete uninstall has left dregs? O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) Reminds me of the shower door post, looking at Cicero's log. Apt to give one nightmares... <shudder> |
godfather (25) | ||
| 338772 | 2005-03-28 08:32:00 | There is a slight problem... Something seems to have renamed your firefox.exe to iexplorer.exe :p |
Myth (110) | ||
| 338773 | 2005-03-28 08:34:00 | Yup I dont think it'll hurt if Cicero leaves those entries there GF... As long as nothing is crashing or freezing. BUT it wouldnt hurt to delete them either. |
Speedy Gonzales (78) | ||
| 338774 | 2005-03-28 08:40:00 | CCleaner should do the job :thumbs: | Prescott (11) | ||
| 338775 | 2005-03-28 08:48:00 | These need fixing, looks like an incomplete uninstall has left dregs? O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing) O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing) Reminds me of the shower door post, looking at Cicero's log. Apt to give one nightmares... <shudder> Thats what you get when you learn to read gobbldygoook. |
Cicero (40) | ||
| 338776 | 2005-03-28 08:49:00 | C:\WINDOWS\System32\CTSVCCDA.EXE wont need this either unless you have a very old CD player. It can cause problems apparently. | Murray P (44) | ||
| 338777 | 2005-03-28 08:50:00 | There is a slight problem... Something seems to have renamed your firefox.exe to iexplorer.exe :p I like to live dangerously. :) |
Cicero (40) | ||
| 1 2 | |||||