| Thread ID: 64674 | 2005-12-23 01:05:00 | W32.Sinnaka.A@mm or Spy Trooper | cookiemonster (9463) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 415056 | 2006-01-02 02:28:00 | Did those suggestions. Here's the latest HJT file: Logfile of HijackThis v1.99.1 Scan saved at 1:22:33 PM, on 2/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\WLAN Utility\WlanMon.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\MAXON\CMTNotif.exe C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Profiler\lwemon.exe C:\Program Files\GetRight\getright.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\GetRight\getright.exe C:\PROGRA~1\ICQ\ICQ.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HijackThis 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (file missing) O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [EN WLAN Utility] C:\Program Files\WLAN Utility\WlanMon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [CMTNotif.exe] C:\MAXON\CMTNotif.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [FNI.WA6P_0001_FNICP53] "C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\KXMF8H2F\WA6PInstall[1].exe" O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe All Clean?? c:o:eek:kiem:groan:nster |
cookiemonster (9463) | ||
| 415057 | 2006-01-02 03:37:00 | Your log is cleaned, well done! You should be set to go. Recommended Protection Programs: Now that you are clean, to help protect your system I recommend that you get the following free programs: SpywareBlaster (www.javacoolsoftware.com) to help prevent spyware from installing. SpywareGuard (www.javacoolsoftware.com) to catch and block spyware. IESpy-Ad (www.aumha.org) to block access to malicious websites so you cannot be redirected to them from an infected site or email. WinPatrol (http://www.winpatrol.com/) to monitor any changes that programs make to the registry. If you do not have a firewall, here is a free one for personal use: ZoneAlarm. Free Virus program: AVG, AntiVir Personal Edition, F-Prot Antivirus |
Pancake (6359) | ||
| 415058 | 2006-01-02 11:34:00 | Cheers for the help All. TYVM ;) c:p:pkiem:Dnster |
cookiemonster (9463) | ||
| 415059 | 2006-05-02 02:59:00 | Reinfected :groan: :help: HijackThis file below. Logfile of HijackThis v1.99.1 Scan saved at 1:43:18 PM, on 5/2/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [orderShell] C:\Documents and Settings\Phil\ordervfxp.exe O4 - HKLM\..\Run: [SysTray] C:\Program Files\bmkhapv.exe O4 - HKLM\..\Run: [b4f29238.exe] C:\WINDOWS\System32\b4f29238.exe O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\ieredir.exe O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [b4f29238.exe] C:\Documents and Settings\Phil\Local Settings\Application Data\b4f29238.exe O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Phil\Local Settings\Temp\EI40_\msxml4.cab O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_16.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Ewido file below. --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 1:53:21 PM, 5/2/2006 + Report-Checksum: 649832AE + Scan result: No infected objects found. ::Report End |
cookiemonster (9463) | ||
| 415060 | 2006-05-02 06:00:00 | Get this (noahdfear.geekstogo.com). Follow the info here (http://noahdfear.geekstogo.com/). Turn system restore OFF. Boot into safe mode first, run HJT again, tick these entries and tick fix checked. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O2 - BHO: (no name) - {196B9CB5-4C83-46F7-9B06-9672ECD9D99B} - C:\WINDOWS\system32\winbrume.dll O4 - HKLM\..\Run: [orderShell] C:\Documents and Settings\Phil\ordervfxp.exe O4 - HKLM\..\Run: [SysTray] C:\Program Files\bmkhapv.exe O4 - HKLM\..\Run: [b4f29238.exe] C:\WINDOWS\System32\b4f29238.exe O4 - HKLM\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [IE Redir] C:\WINDOWS\ieredir.exe O4 - HKLM\..\RunServices: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [b4f29238.exe] C:\Documents and Settings\Phil\Local Settings\Application Data\b4f29238.exe O4 - HKCU\..\Run: [0mcamcap] C:\WINDOWS\System32\0mcamcap.exe O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_16.dll 1. Install a firewall on this system. 2. Install an AV program on this system. 3. Update Windows. |
Speedy Gonzales (78) | ||
| 415061 | 2006-05-03 03:59:00 | Logfile of HijackThis v1.99.1 Scan saved at 1:52:38 PM, on 5/3/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\ZoneLabs\vsmon.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SysTray] C:\Program Files\bmkhapv.exe O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunOnce: [srePostpone] rundll32.exe c:\windows\system32\zonelabs\srescan.dll,DoSpecialAction O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Phil\Local Settings\Temp\EI40_\msxml4.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - 
Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe latest HJT file ^^ C:stare::xmouth:kiem:onster |
cookiemonster (9463) | ||
| 415062 | 2006-05-03 04:24:00 | Nope, you've still got Smitfraud. Did you run smitrem.exe in safe mode?? Get Spybot or get trojan remover (dl.filekicker.com) from here (www.simplysup.com) if this isn't installed. If you have this already, make sure it's up to date. You've got 5 files relating to smitfraud, and one relating to a worm. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [SysTray] C:\Program Files\bmkhapv.exe |
Speedy Gonzales (78) | ||
| 415063 | 2006-05-03 04:37:00 | Yes, I did, I'll rerun it again np. C:badpc::blush:kiem;)nster |
cookiemonster (9463) | ||
| 415064 | 2006-05-03 05:11:00 | HJT file as below: ;) Logfile of HijackThis v1.99.1 Scan saved at 4:01:19 PM, on 5/3/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SysTray] C:\Program Files\bmkhapv.exe O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM 
Document 4.0) - file://C:\Documents and Settings\Phil\Local Settings\Temp\EI40_\msxml4.cab O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:illogical:illogicalkiem:illogicalnster |
cookiemonster (9463) | ||
| 415065 | 2006-05-03 06:30:00 | Sent u a PM Cookiemonster. DON'T install SP2 on this PC, until u fix this prob! | Speedy Gonzales (78) | ||
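
Added example, not part of any post in the thread: a small Python triage pass over a HijackThis log that flags three patterns visible in the May 2006 logs above (IE page values set to a local file, an extra program after `Shell=explorer.exe`, and an O4 Run entry that uses a Windows process name from the wrong folder). The `EXPECTED_DIR` table, the rule set and the `triage` name are assumptions of this example, and a hit only means the entry deserves a closer look.

```python
import ntpath
import re

# Expected folder per system process name on Windows XP. This table is an
# assumption of this example; lower-case to match ntpath.normcase output.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")           # "O4 - ...", "R1 - ..."
EXE = re.compile(r'"?([^"]*?\.exe)', re.IGNORECASE)  # path up to first .exe
LOCAL = re.compile(r"^(?:[a-z]:\\|file://)", re.IGNORECASE)

# Constructed sample: entries copied from the logs in this thread, one per line.
SAMPLE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            if LOCAL.match(value):
                findings.append((section, "IE page points at a local file", line))
        elif section == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((section, "extra program after Shell=", line))
        elif section == "O4" and "] " in body:
            exe = EXE.match(body.split("] ", 1)[1])
            if not exe:
                continue
            path = ntpath.normcase(exe.group(1))
            expected = EXPECTED_DIR.get(ntpath.basename(path))
            if expected and ntpath.dirname(path) != expected:
                findings.append((section, "system name outside " + expected, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
```

The parser expects one log entry per line, as HijackThis writes its log file, so text flattened into a single line by a forum export has to be split back into entries first.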