Scan saved at 8:42:21 PM, on 3/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
O1 - Hosts: 1159680172 auto.search.msn.com
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00001015-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter15 Class) - http://www.netmarble...NMStarter15.cab
O16 - DPF: {091CDD73-1401-4643-9B9C-65B091C88685} (MyLinker Control) - http://sbsi.contents...le/MyLinker.cab
O16 - DPF: {0CD2EC08-3CF6-4BC4-BF48-824F4C1994F1} (SecureSession Class) - http://www.samsungfn...oolkitForIE.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://C: oo.mht!http://superprogdown...9.chm::/win.exe
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.co...On/AlwaysOn.CAB
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {3694F19D-ED4D-4DA8-BECD-26FB830753D1} (DCLinker Class) - http://www.norazo.co...dreamlinker.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - https://mpi.dacom.ne..._XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {51C99F40-9E0E-4BF1-A92A-77121CC01AD0} (IMBCClient Control) - http://touch.imbc.com/ocx/touch.cab
O16 - DPF: {5600C1B3-B29D-45CB-A9A6-C7667101E057} (ToonsXSBS Control) - http://comics.sbs.co...r/ToonsXSBS.cab
O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
O16 - DPF: {5E582BD1-6FAA-40F2-87A8-130AD325DABB} (Kdfense7 Control) - http://www.samsungfn...01/kdfense7.cab
O16 - DPF: {6F4863C1-482C-4744-8946-4AEA34DF1A16} (FreechalOn Class) - http://login.freecha...on/FcOnCtl8.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo....ace/cvtrace.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://www.citibank....w50_install.cab
O16 - DPF: {7F5A6106-D92D-11D3-8B31-0050CE181ABE} (IHDPaca Class) - http://www.youfirst....aweb_nojava.cab
O16 - DPF: {7FC751A9-492D-41B1-9F8D-D2C8809D8907} (EmoWebInstallerCtl Class) - http://pimg.hanmail....TVInstaller.cab
O16 - DPF: {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} (SLViewer Control) - http://www.seevideo....ve/SLViewer.CAB
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netm...tX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma.../cab9/dmcc2.cab
O16 - DPF: {9BDB3F92-4F99-45EA-93E2-27D9FAA51FC1} (MediaShellStream Control) - http://mediashell.te...35/asp_live.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.c...l/mv/XTools.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis...INIwallet50.cab
O16 - DPF: {AD906BA4-9679-4A50-94C6-D677526BB92A} (CyImageCtl Class) - http://cyimg2.cyworl...ImageUpload.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.c...der20041018.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://download.netm...protect/npx.cab
O16 - DPF: {D44C7CBF-FB35-41CF-8D6C-C0A2143EB46C} (Yessign3 Control) - http://www.yessign.o...rt/yessign3.cab
O16 - DPF: {D62C6763-3AF7-481A-B31D-02BB6BE1D2EE} (ToonsXYahooKorea Control) - http://comic.yahoo.c...XYahooKorea.cab
O16 - DPF: {D8F001C6-43B1-4CFD-9DAF-C8BEAE0E2B6D} (Touch Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {E63BBFD1-062B-4BE8-9374-C64C04BB8577} (hdRhttp Control) - http://www.youfirst....ding/hrhttp.cab
O16 - DPF: {EA317780-E2A5-418E-8837-4ED5C23F980E} (CafeBroker Class) - http://www.cafe24.co...feBrokerCtl.cab
O16 - DPF: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} (SKCommAX Control) - http://www.samsungfn...ab/SKCommAX.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co....own/PDBox25.cab
O16 - DPF: {F684B4EA-0F0A-4AE3-9C7B-EEB60DA575F8} (MPICtl Class) - https://mpi.dacom.ne...ate_XPayMPI.cab
O19 - User stylesheet: C:\WINDOWS\stsheets.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
The hijacker I have keeps my home page as http://rl.webtracer.cc/-/?bayzm.
Thanks in advance for any help!!
Sign In
Create Account
