| Thread ID: 64806 | 2005-12-28 23:44:00 | trojans and things | ptopz (4662) |
| Post ID | Timestamp | Content | User | ||
| 416421 | 2005-12-28 23:44:00 | Greetings. Below is my "hijack this" log. A helpful person yesterday told me what to delete but other disasters got in the way and I can't find yesterday's thread. Can anyone suggest which of these things I shouldn't have and how to rid myself of them? Thanks. |
ptopz (4662) | ||
| 416422 | 2005-12-28 23:46:00 | This thread? (forums.pcworld.co.nz) And you forgot to post the HiJack This result |
Myth (110) | ||
| 416423 | 2005-12-29 04:07:00 | "... and I can't find yesterday's thread." A couple of quick ways to locate your threads is to click on your username once signed in on the "Online" list found on the front page. You will then see the options to click on your last post or to show all posts. Another way is to use the UserCP link (User Control Panel) which can be found in the horizontal blue bar at the top left of each page. There you will see a link to "List Subscriptions". Under "Edit Options" you can also choose whether to receive email notifications of replies to threads you have posted in. :) | Jen (38) | ||
| 416424 | 2006-01-03 08:56:00 | Here is my hijack this log. Can anyone see anything I should not have on my system? Many thanks

Logfile of HijackThis v1.99.1
Scan saved at 10:03:03 p.m., on 3/01/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\program files\180search assistant\180sa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\anon1\LOCALS~1\Temp\Rar$EX00.042\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xtra.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xtra
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180search assistant\180sahook.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINNT\system32\navshext1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [fmhol] c:\winnt\fmhol.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Multimedia Keyboard Driver.lnk = C:\Program Files\MultiMedia Keyboard Drv\kb_2k.exe
O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\office\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - www.drivershq.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - www.pcpitstop.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - www.180searchassistant.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - antu.popcap.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe |
ptopz (4662) | ||
| 416425 | 2006-01-03 09:14:00 | You have Spyware/adware. Reboot into safe mode, and run hijackthis again. Tick these entries tick fix checked.

C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe

Follow this link (www.bleepingcomputer.com)

C:\program files\180search assistant\180sa.exe
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Etomi\Plugins\RazaWebHook.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180search assistant\180sahook.dll
O3 - Toolbar: ISTbar - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - C:\Program Files\ISTbar\istbarcm.dll (file missing)
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [fmhol] c:\winnt\fmhol.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - static.windupdates.com
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - www.180searchassistant.com
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)

Also look here (securityresponse.symantec.com)
You may also have parts of this (securityresponse.symantec.com) |
Speedy Gonzales (78) | ||