
No clue where to go from here



#1
enet

;)
Logfile of HijackThis v1.99.1
Scan saved at 8:47:07 PM, on 4/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\fdusi.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rl.webtracer.cc/--/?atgkn (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rl.webtracer.cc/-/?atgkn (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rl.webtracer.cc/---/?atgkn (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\fdusi.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\fdusi.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://rl.webtracer.cc/-/?atgkn (obfuscated)
R3 - Default URLSearchHook is missing
O1 - Hosts file is located at: C:\WINNT\inf\hosts
O2 - BHO: (no name) - {4E43C0B5-7A02-574F-CBC2-EBCE7093424E} - C:\WINNT\crjm32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [javahe32.exe] C:\WINNT\system32\javahe32.exe
O4 - HKLM\..\Run: [iplb32.exe] C:\WINNT\system32\iplb32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/MyFm01.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099454488578
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll (file missing)
O19 - User stylesheet:  (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Network Security Service (NSS) (%AF) - Unknown owner - C:\WINNT\ntij32.exe (file missing)

Well there it is. :tazz: ;)


#2
coachwife6

enet. Welcome back. Please run another log and post it, since it's been four days. I'll look at it as soon as it's posted. :tazz: