Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hijack log.... [CLOSED]


  • This topic is locked This topic is locked

#1
Ricky

Ricky

    New Member

  • Member
  • Pip
  • 4 posts
I have prosearch taking over plus anything else you see please help!!!

Logfile of HijackThis v1.97.7
Scan saved at 9:06:21 AM, on 4/23/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\BLUEMI~1\grim fast.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myip.ipaper.com/myip/homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O1 - Hosts: 207.44.240.65 ads.x10.com
O1 - Hosts: 207.44.240.65 images.x10.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 servedby.netadvertising.com
O1 - Hosts: 207.44.240.65 images.trafficmp.com
O1 - Hosts: 207.44.240.65 ad.uk.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.ca.doubleclick.net
O1 - Hosts: 207.44.240.65 ads.specificpop.com
O1 - Hosts: 207.44.240.65 ads.specificclick.com
O1 - Hosts: 207.44.240.65 ads.popupsponsor.com
O1 - Hosts: 207.44.240.65 adfarm.mediaplex.com
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 media1.fastclick.net
O1 - Hosts: 207.44.240.65 media19.fastclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media29.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 adserv.internetfuel.com
O1 - Hosts: 207.44.240.65 www.satellitepop.com
O1 - Hosts: 207.44.240.65 count.exitexchange.com
O1 - Hosts: 207.44.240.65 z1.adserver.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 servedfor.valuead.com
O1 - Hosts: 207.44.240.65 banners.valuead.com
O1 - Hosts: 207.44.240.65 img.mediaplex.com
O1 - Hosts: 207.44.240.65 ln.doubleclick.net
O1 - Hosts: 207.44.240.65 m2.doubleclick.net
O1 - Hosts: 207.44.240.65 m.doubleclick.net
O1 - Hosts: 207.44.240.65 ad.doubleclick.net
O1 - Hosts: 207.44.240.65 media28.fastclick.net
O1 - Hosts: 207.44.240.65 media39.fastclick.net
O1 - Hosts: 207.44.240.65 media.fastclick.net
O1 - Hosts: 207.44.240.65 popuptraffic.com
O1 - Hosts: 207.44.240.65 leader.linkexchange.com
O1 - Hosts: 207.44.240.65 rad.msn.com
O1 - Hosts: 207.44.240.65 view.atdmt.com
O1 - Hosts: 207.44.240.65 iv.doubleclick.net
O1 - Hosts: 207.44.240.65 focusin.ads.targetnet.com
O1 - Hosts: 207.44.240.65 a.tribalfusion.com
O2 - BHO: (no name) - {BDECB2B9-A8F9-0824-8409-4038ACAB4E70} - C:\PROGRA~1\README~1\Wave Army.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [third view] C:\PROGRA~1\BLUEMI~1\grim fast.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O12 - Plugin for .lwp: C:\Program Files\Internet Explorer\PLUGINS\NPLKV.DLL
O15 - Trusted Zone: http://*.cicnet
O15 - Trusted Zone: http://www.covisint.com
O15 - Trusted Zone: http://*.fieont13
O15 - Trusted Zone: http://*.everest.ford.com
O15 - Trusted Zone: http://ahdreports.ipaper.com
O15 - Trusted Zone: http://ahdts.ipaper.com
O15 - Trusted Zone: http://andro.ipaper.com
O15 - Trusted Zone: http://andront1.ipaper.com
O15 - Trusted Zone: http://andront2.ipaper.com
O15 - Trusted Zone: http://antestream.ipaper.com
O15 - Trusted Zone: http://demurrage.ipaper.com
O15 - Trusted Zone: http://fieont07.ipaper.com
O15 - Trusted Zone: http://fieont13.na.ipaper.com
O15 - Trusted Zone: http://fieont7.ipaper.com
O15 - Trusted Zone: http://iis1.ipaper.com
O15 - Trusted Zone: http://ipiisweb.ipaper.com
O15 - Trusted Zone: http://ipportal.ipaper.com
O15 - Trusted Zone: http://ipportal.na.ipaper.com
O15 - Trusted Zone: http://ipwebdev.ipaper.com
O15 - Trusted Zone: http://ITRS.ipaper.com
O15 - Trusted Zone: http://legaladmin.ipaper.com
O15 - Trusted Zone: http://legalhrm.ipaper.com
O15 - Trusted Zone: http://mycitrix.ipaper.com
O15 - Trusted Zone: http://mycitrix.na.ipaper.com
O15 - Trusted Zone: http://mylearning.ipaper.com
O15 - Trusted Zone: http://nzaxpf0.natchezmill.ipaper.com
O15 - Trusted Zone: http://Oracle11i.ipaper.com
O15 - Trusted Zone: http://project.ipaper.com
O15 - Trusted Zone: http://project1.na.ipaper.com
O15 - Trusted Zone: http://rcts.ipaper.com
O15 - Trusted Zone: http://rrntabbspws1.ipaper.com
O15 - Trusted Zone: http://s00csql01.na.ipaper.com
O15 - Trusted Zone: http://s02aathapp01.ipaper.com
O15 - Trusted Zone: http://s02aeatest01.ipaper.com
O15 - Trusted Zone: http://s02aepd01.ipaper.com
O15 - Trusted Zone: http://s02aepd01.na.ipaper.com
O15 - Trusted Zone: http://s02aepdd01.na.ipaper.com
O15 - Trusted Zone: http://s02aeppp01.ipaper.com
O15 - Trusted Zone: http://s02aeppp01.na.ipaper.com
O15 - Trusted Zone: http://s02aeppp02.ipaper.com
O15 - Trusted Zone: http://s02aeppp02.na.ipaper.com
O15 - Trusted Zone: http://s02aept01.ipaper.com
O15 - Trusted Zone: http://s02aept01.na.ipaper.com
O15 - Trusted Zone: http://s02afip01.ipaper.com
O15 - Trusted Zone: http://s02aproject1.na.ipaper.com
O15 - Trusted Zone: http://s02ataxp.ipaper.com
O15 - Trusted Zone: http://s02ataxt.ipaper.com
O15 - Trusted Zone: http://s02avmctxportal.ipaper.com
O15 - Trusted Zone: http://s02avmctxportal.na.ipaper.com
O15 - Trusted Zone: http://s02awesdev01.ipaper.com
O15 - Trusted Zone: http://s02awiseiccp01.ipaper.com
O15 - Trusted Zone: http://s02aworldrecprd.ipaper.com
O15 - Trusted Zone: http://s0ddnotesinovar.ipaper.com
O15 - Trusted Zone: http://s0ddprofweb01.ipaper.com
O15 - Trusted Zone: http://s0ddtestream.ipaper.com
O15 - Trusted Zone: http://s26aapps01.ipaper.com
O15 - Trusted Zone: http://s26aapps02.ipaper.com
O15 - Trusted Zone: http://s26aweb1.ipaper.com
O15 - Trusted Zone: http://S337ACQ1.ipaper.com
O15 - Trusted Zone: http://s337acq1.na.ipaper.com
O15 - Trusted Zone: http://s38bap14.ipaper.com
O15 - Trusted Zone: http://s769ap08.ipaper.com
O15 - Trusted Zone: http://sapsbx04.ipaper.com
O15 - Trusted Zone: http://serverdb.ipaper.com
O15 - Trusted Zone: http://shor01.ipaper.com
O15 - Trusted Zone: http://shor02.ipaper.com
O15 - Trusted Zone: http://shor03.ipaper.com
O15 - Trusted Zone: http://shor04.ipaper.com
O15 - Trusted Zone: http://shor05.ipaper.com
O15 - Trusted Zone: http://shor06.ipaper.com
O15 - Trusted Zone: http://shor07.ipaper.com
O15 - Trusted Zone: http://svweb.ipaper.com
O15 - Trusted Zone: http://swahdts.ipaper.com
O15 - Trusted Zone: http://swcasedev.ipaper.com
O15 - Trusted Zone: http://swcaseprod.ipaper.com
O15 - Trusted Zone: http://swebustest2.ipaper.com
O15 - Trusted Zone: http://swleap.ipaper.com
O15 - Trusted Zone: http://swnapps03.ipaper.com
O15 - Trusted Zone: http://swneapps03.ipaper.com
O15 - Trusted Zone: http://swnepad01.ipaper.com
O15 - Trusted Zone: http://swnepad02.ipaper.com
O15 - Trusted Zone: http://swprojecteval.ipaper.com
O15 - Trusted Zone: http://swtax.ipaper.com
O15 - Trusted Zone: http://swtaxdev.ipaper.com
O15 - Trusted Zone: http://swwid1.ipaper.com
O15 - Trusted Zone: http://techweb.ipaper.com
O15 - Trusted Zone: http://timber.ipaper.com
O15 - Trusted Zone: http://timber.dev.ipaper.com
O15 - Trusted Zone: http://timber.stg.ipaper.com
O15 - Trusted Zone: http://twis.ipaper.com
O15 - Trusted Zone: http://x769qalabserv.ipaper.com
O15 - Trusted Zone: http://x769qalabserv1.ipaper.com
O15 - Trusted Zone: http://legalhrm.ipapr.com
O15 - Trusted Zone: http://*.ipportal
O15 - Trusted Zone: http://www.irchannel.com
O15 - Trusted Zone: http://*.ITRS
O15 - Trusted Zone: http://www.maketingiq.com
O15 - Trusted Zone: http://www.marketingiq.com
O15 - Trusted Zone: http://www.mustangtampa.com
O15 - Trusted Zone: http://*.myip
O15 - Trusted Zone: http://*.Oracle11i
O15 - Trusted Zone: http://*.peopleclick.com
O15 - Trusted Zone: http://*.s00csql01
O15 - Trusted Zone: http://*.s02aeatest01
O15 - Trusted Zone: http://*.s02aeppp01
O15 - Trusted Zone: http://*.s02aeppp02
O15 - Trusted Zone: http://*.s02aepsb01
O15 - Trusted Zone: http://*.s02afip01
O15 - Trusted Zone: http://*.s02awesdev01
O15 - Trusted Zone: http://*.s337acq1
O15 - Trusted Zone: http://*.s337Web02
O15 - Trusted Zone: http://*.s769ap08
O15 - Trusted Zone: http://*.sartestream02
O15 - Trusted Zone: http://*.serverdb
O15 - Trusted Zone: http://Oracle11i.shorepak.com
O15 - Trusted Zone: http://shor01.shorepak.com
O15 - Trusted Zone: http://shor02.shorepak.com
O15 - Trusted Zone: http://shor03.shorepak.com
O15 - Trusted Zone: http://shor04.shorepak.com
O15 - Trusted Zone: http://shor05.shorepak.com
O15 - Trusted Zone: http://shor06.shorepak.com
O15 - Trusted Zone: http://shor07.shorepak.com
O15 - Trusted Zone: http://*.smartforce.com
O15 - Trusted Zone: http://ip.softscape.com
O15 - Trusted Zone: http://*.svweb
O15 - Trusted Zone: http://*.swebustest2
O15 - Trusted Zone: http://*.swweb01
O15 - Trusted Zone: http://*.swwid1
O15 - Trusted Zone: http://*.w00c1220
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.x519qalabserv1
O15 - Trusted Zone: http://*.x769qalabserv1
O15 - Trusted Zone: http://fors.xpedx.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\qtzxqa.exe
O16 - DPF: {19788F7F-97A8-43EE-9F8E-1AAD5DEAD362} (twControl.TreeViewControl) - http://www.abbottsfi...B/twControl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE2.cab
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/p.../v12/ticker.cab
O16 - DPF: {77349B07-BCEA-11D4-AFAE-005004211DB3} (BCMigrateX Control) - http://bciip/utils/B...e/BCMigrate.cab
O16 - DPF: {9A4527F8-164E-11D6-9919-0050045692D7} (WebMultiViewerCtrl.WebMultiViewer) - http://www.abbottsfi...B/WebViewer.CAB
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/p...12/invinstl.exe
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....wnload/SBFS.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.ipaper.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.ipaper.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.ipaper.com
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Welcome Ricky <_<

Have you tried Ad-aware? If not, please do so and reply with a fresh Hijack This log.

CLICK HERE to download Ad-aware
Using Spybot: Start Spybot S&D using the "Spybot-S&D (easy mode)" link from your Start menu . Click the Search for updates button, if any are found then click the Download Updates button. After all updates are downloaded, click the Check for problems button. When the scan is complete, place a check next to anything marked in red, then click the Fix selected problems button.
  • 0

#3
Ricky

Ricky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Logfile of HijackThis v1.97.7
Scan saved at 12:41:10 PM, on 4/23/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\PROGRA~1\BLUEMI~1\grim fast.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINNT\MS\SMS\CORE\BIN\Boot32wn.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Software\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myip.ipaper.com/myip/homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by International Paper (R1K-GP)
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [third view] C:\PROGRA~1\BLUEMI~1\grim fast.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Open Image in New Window - res://C:\Program Files\PopUpCop\popupcop.dll/imagenew
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1033\phdintl.dll/phdContext.htm
O12 - Plugin for .lwp: C:\Program Files\Internet Explorer\PLUGINS\NPLKV.DLL
O15 - Trusted Zone: http://*.cicnet
O15 - Trusted Zone: http://www.covisint.com
O15 - Trusted Zone: http://*.fieont13
O15 - Trusted Zone: http://*.everest.ford.com
O15 - Trusted Zone: http://ahdreports.ipaper.com
O15 - Trusted Zone: http://ahdts.ipaper.com
O15 - Trusted Zone: http://andro.ipaper.com
O15 - Trusted Zone: http://andront1.ipaper.com
O15 - Trusted Zone: http://andront2.ipaper.com
O15 - Trusted Zone: http://antestream.ipaper.com
O15 - Trusted Zone: http://demurrage.ipaper.com
O15 - Trusted Zone: http://fieont07.ipaper.com
O15 - Trusted Zone: http://fieont13.na.ipaper.com
O15 - Trusted Zone: http://fieont7.ipaper.com
O15 - Trusted Zone: http://iis1.ipaper.com
O15 - Trusted Zone: http://ipiisweb.ipaper.com
O15 - Trusted Zone: http://ipportal.ipaper.com
O15 - Trusted Zone: http://ipportal.na.ipaper.com
O15 - Trusted Zone: http://ipwebdev.ipaper.com
O15 - Trusted Zone: http://ITRS.ipaper.com
O15 - Trusted Zone: http://legaladmin.ipaper.com
O15 - Trusted Zone: http://legalhrm.ipaper.com
O15 - Trusted Zone: http://mycitrix.ipaper.com
O15 - Trusted Zone: http://mycitrix.na.ipaper.com
O15 - Trusted Zone: http://mylearning.ipaper.com
O15 - Trusted Zone: http://nzaxpf0.natchezmill.ipaper.com
O15 - Trusted Zone: http://Oracle11i.ipaper.com
O15 - Trusted Zone: http://project.ipaper.com
O15 - Trusted Zone: http://project1.na.ipaper.com
O15 - Trusted Zone: http://rcts.ipaper.com
O15 - Trusted Zone: http://rrntabbspws1.ipaper.com
O15 - Trusted Zone: http://s00csql01.na.ipaper.com
O15 - Trusted Zone: http://s02aathapp01.ipaper.com
O15 - Trusted Zone: http://s02aeatest01.ipaper.com
O15 - Trusted Zone: http://s02aepd01.ipaper.com
O15 - Trusted Zone: http://s02aepd01.na.ipaper.com
O15 - Trusted Zone: http://s02aepdd01.na.ipaper.com
O15 - Trusted Zone: http://s02aeppp01.ipaper.com
O15 - Trusted Zone: http://s02aeppp01.na.ipaper.com
O15 - Trusted Zone: http://s02aeppp02.ipaper.com
O15 - Trusted Zone: http://s02aeppp02.na.ipaper.com
O15 - Trusted Zone: http://s02aept01.ipaper.com
O15 - Trusted Zone: http://s02aept01.na.ipaper.com
O15 - Trusted Zone: http://s02afip01.ipaper.com
O15 - Trusted Zone: http://s02aproject1.na.ipaper.com
O15 - Trusted Zone: http://s02ataxp.ipaper.com
O15 - Trusted Zone: http://s02ataxt.ipaper.com
O15 - Trusted Zone: http://s02avmctxportal.ipaper.com
O15 - Trusted Zone: http://s02avmctxportal.na.ipaper.com
O15 - Trusted Zone: http://s02awesdev01.ipaper.com
O15 - Trusted Zone: http://s02awiseiccp01.ipaper.com
O15 - Trusted Zone: http://s02aworldrecprd.ipaper.com
O15 - Trusted Zone: http://s0ddnotesinovar.ipaper.com
O15 - Trusted Zone: http://s0ddprofweb01.ipaper.com
O15 - Trusted Zone: http://s0ddtestream.ipaper.com
O15 - Trusted Zone: http://s26aapps01.ipaper.com
O15 - Trusted Zone: http://s26aapps02.ipaper.com
O15 - Trusted Zone: http://s26aweb1.ipaper.com
O15 - Trusted Zone: http://S337ACQ1.ipaper.com
O15 - Trusted Zone: http://s337acq1.na.ipaper.com
O15 - Trusted Zone: http://s38bap14.ipaper.com
O15 - Trusted Zone: http://s769ap08.ipaper.com
O15 - Trusted Zone: http://sapsbx04.ipaper.com
O15 - Trusted Zone: http://serverdb.ipaper.com
O15 - Trusted Zone: http://shor01.ipaper.com
O15 - Trusted Zone: http://shor02.ipaper.com
O15 - Trusted Zone: http://shor03.ipaper.com
O15 - Trusted Zone: http://shor04.ipaper.com
O15 - Trusted Zone: http://shor05.ipaper.com
O15 - Trusted Zone: http://shor06.ipaper.com
O15 - Trusted Zone: http://shor07.ipaper.com
O15 - Trusted Zone: http://svweb.ipaper.com
O15 - Trusted Zone: http://swahdts.ipaper.com
O15 - Trusted Zone: http://swcasedev.ipaper.com
O15 - Trusted Zone: http://swcaseprod.ipaper.com
O15 - Trusted Zone: http://swebustest2.ipaper.com
O15 - Trusted Zone: http://swleap.ipaper.com
O15 - Trusted Zone: http://swnapps03.ipaper.com
O15 - Trusted Zone: http://swneapps03.ipaper.com
O15 - Trusted Zone: http://swnepad01.ipaper.com
O15 - Trusted Zone: http://swnepad02.ipaper.com
O15 - Trusted Zone: http://swprojecteval.ipaper.com
O15 - Trusted Zone: http://swtax.ipaper.com
O15 - Trusted Zone: http://swtaxdev.ipaper.com
O15 - Trusted Zone: http://swwid1.ipaper.com
O15 - Trusted Zone: http://techweb.ipaper.com
O15 - Trusted Zone: http://timber.ipaper.com
O15 - Trusted Zone: http://timber.dev.ipaper.com
O15 - Trusted Zone: http://timber.stg.ipaper.com
O15 - Trusted Zone: http://twis.ipaper.com
O15 - Trusted Zone: http://x769qalabserv.ipaper.com
O15 - Trusted Zone: http://x769qalabserv1.ipaper.com
O15 - Trusted Zone: http://legalhrm.ipapr.com
O15 - Trusted Zone: http://*.ipportal
O15 - Trusted Zone: http://www.irchannel.com
O15 - Trusted Zone: http://*.ITRS
O15 - Trusted Zone: http://www.marketingiq.com
O15 - Trusted Zone: http://*.myip
O15 - Trusted Zone: http://*.Oracle11i
O15 - Trusted Zone: http://*.peopleclick.com
O15 - Trusted Zone: http://*.s00csql01
O15 - Trusted Zone: http://*.s02aeatest01
O15 - Trusted Zone: http://*.s02aeppp01
O15 - Trusted Zone: http://*.s02aeppp02
O15 - Trusted Zone: http://*.s02aepsb01
O15 - Trusted Zone: http://*.s02afip01
O15 - Trusted Zone: http://*.s02awesdev01
O15 - Trusted Zone: http://*.s337acq1
O15 - Trusted Zone: http://*.s337Web02
O15 - Trusted Zone: http://*.s769ap08
O15 - Trusted Zone: http://*.sartestream02
O15 - Trusted Zone: http://*.serverdb
O15 - Trusted Zone: http://Oracle11i.shorepak.com
O15 - Trusted Zone: http://shor01.shorepak.com
O15 - Trusted Zone: http://shor02.shorepak.com
O15 - Trusted Zone: http://shor03.shorepak.com
O15 - Trusted Zone: http://shor04.shorepak.com
O15 - Trusted Zone: http://shor05.shorepak.com
O15 - Trusted Zone: http://shor06.shorepak.com
O15 - Trusted Zone: http://shor07.shorepak.com
O15 - Trusted Zone: http://*.smartforce.com
O15 - Trusted Zone: http://ip.softscape.com
O15 - Trusted Zone: http://*.svweb
O15 - Trusted Zone: http://*.swebustest2
O15 - Trusted Zone: http://*.swweb01
O15 - Trusted Zone: http://*.swwid1
O15 - Trusted Zone: http://*.w00c1220
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.x519qalabserv1
O15 - Trusted Zone: http://*.x769qalabserv1
O15 - Trusted Zone: http://fors.xpedx.com
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.micros...tes/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {19788F7F-97A8-43EE-9F8E-1AAD5DEAD362} (twControl.TreeViewControl) - http://www.abbottsfi...B/twControl.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/cult3d/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE2.cab
O16 - DPF: {7160FB1B-3DE0-4C42-81F0-41B4269990B0} (MSN Money Ticker) - http://fdl.msn.com/p.../v12/ticker.cab
O16 - DPF: {77349B07-BCEA-11D4-AFAE-005004211DB3} (BCMigrateX Control) - http://bciip/utils/B...e/BCMigrate.cab
O16 - DPF: {9A4527F8-164E-11D6-9919-0050045692D7} (WebMultiViewerCtrl.WebMultiViewer) - http://www.abbottsfi...B/WebViewer.CAB
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/p...12/invinstl.exe
O16 - DPF: {C8BAC37C-A8D2-425E-B7FC-80B9537FB14A} (SBFullS Control) - http://www.spyblast....wnload/SBFS.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...ebio5_1_3_0.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.ipaper.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.ipaper.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.ipaper.com
  • 0

#4
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Restart your computer in safe mode (by tapping F8 at startup and selecting safe mode from the menu). Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.
C:\PROGRA~1\BLUEMI~1\grim fast.exe
O4 - HKLM\..\Run: [third view] C:\PROGRA~1\BLUEMI~1\grim fast.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...tzip/RdxIE2.cab

Delete this folder: C:\PROGRAM FILES\BLUEMI... <- this folder (name abbreviated)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log.
  • 0

#5
Ricky

Ricky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have no admin rights in same mode I guess. It won't let me use my password in log on in safe mode. i tried hijackthis to delete but I guess it won't let mein regular mode. I also tried to delete the bluem folder but as you know it told me the file was in use. So how do I get rid of the bluemix .exe in that folder??
  • 0

#6
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
I'm not surprised, as your on a corporate network. Try this press Ctrl+Alt+Delete, end the grim fast.exe process. Then try fixing those entries with Hijack This and deleting the directory.
  • 0

#7
Ricky

Ricky

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
There is no grim fast running when I look in the task manager. But I still can't delete it. It is not in my add or remove programs either.
  • 0

#8
admin

admin

    Founder Geek

  • Administrator
  • 24,501 posts
Reply with any unknown proccesses running, and we'll try and identify it.
  • 0

#9
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP