Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

aurora, pop, roeings, several others

Started by cbarro1 , May 19 2005 11:01 AM

  • Please log in to reply

#1
cbarro1
Posted 19 May 2005 - 11:01 AM

cbarro1

    New Member

  • Member
  • Pip
  • 2 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:58:14 AM, on 5/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\psa\legisinventory\legisinventoryservice.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\seeve.exe
C:\program files\tvs\tvs_b.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\comreg1\Desktop\HijackThis.exe
C:\WINDOWS\System32\pjlsdpia.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\system32\userinit.exe
c:\windows\system32\kshkruu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\krndll.exe
C:\Program Files\RightFAX\FaxCtrl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legis.state.la.us./
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysettings.legis.state.la.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaserv:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.legis.state.la.us*,*.gov.state.la.us*,http://www.sos.louisiana.gov:8090,*.lanewsbureau.com*,*.house.louisiana.gov*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {14709C50-E832-4050-A02C-1E32A53F4C99} - C:\WINDOWS\ccyvahnvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6b3ef6e2-f4d4-4033-92fb-1ff949099eb6} - (no file)
O2 - BHO: (no name) - {6cfe9025-e923-4a69-982e-3d73a6dc1f3f} - (no file)
O2 - BHO: (no name) - {77261383-3d96-4776-805f-092f237f9d57} - (no file)
O2 - BHO: (no name) - {82783513-c26a-44c0-b6f0-99336dfb4d13} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {9dd0a9e0-e059-4703-aaa2-663d52818243} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {ed421b64-4bc3-4f00-a499-d9332382b155} - (no file)
O2 - BHO: (no name) - {f224531b-e389-49d4-8d05-f45ab66f9d51} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCUpdate] C:\psa\pcupdate\pcupdate.exe
O4 - HKLM\..\Run: [Legiscribe] C:\legis_50\Psawpdlg.exe
O4 - HKLM\..\Run: [jhfaxkrk] C:\WINDOWS\System32\jhfaxkrk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [oG3m7j] C:\docume~1\comreg1\locals~1\temp\oG3m7j.exe
O4 - HKLM\..\Run: [HRZCB] C:\docume~1\comreg1\locals~1\temp\HRZCB.exe
O4 - HKLM\..\Run: [DEABlC] C:\docume~1\comreg1\locals~1\temp\DEABlC.exe
O4 - HKLM\..\Run: [iLTrZrhh] C:\documents and settings\comreg1\local settings\temp\iLTrZrhh.exe
O4 - HKLM\..\Run: [Dj] C:\documents and settings\comreg1\local settings\temp\Dj.exe
O4 - HKLM\..\Run: [06vNgT] C:\documents and settings\comreg1\local settings\temp\06vNgT.exe
O4 - HKLM\..\Run: [YWEiCwFxQ] C:\documents and settings\comreg1\local settings\temp\YWEiCwFxQ.exe
O4 - HKLM\..\Run: [*winvb] C:\WINDOWS\Web\winvb.exe
O4 - HKLM\..\Run: [Bk1k7KFl] C:\windows\Bk1k7KFl.exe
O4 - HKLM\..\Run: [Be0tNPW] C:\windows\Be0tNPW.exe
O4 - HKLM\..\Run: [9VwCc] C:\documents and settings\comreg1\local settings\temp\9VwCc.exe
O4 - HKLM\..\Run: [f0j5Id] C:\documents and settings\comreg1\local settings\temp\f0j5Id.exe
O4 - HKLM\..\Run: [bx7S9] C:\documents and settings\comreg1\local settings\temp\bx7S9.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\comreg1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [uS] C:\documents and settings\comreg1\local settings\temp\uS.exe
O4 - HKLM\..\Run: [Ak] C:\documents and settings\comreg1\local settings\temp\Ak.exe
O4 - HKLM\..\Run: [p] C:\documents and settings\comreg1\local settings\temp\p.exe
O4 - HKLM\..\Run: [WOiq4v] C:\documents and settings\comreg1\local settings\temp\WOiq4v.exe
O4 - HKLM\..\Run: [LOwO] C:\documents and settings\comreg1\local settings\temp\LOwO.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qn6O3sj] pjlsdpia.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ozmbcl] c:\windows\system32\kshkruu.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bCpERiH3R] krndll.exe
O4 - Startup: [email protected] = C:\Program Files\Radio@Netscape Plus\Program\[email protected]
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.appserv
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://appserv.legis.state.la.us
O15 - Trusted Zone: http://*.appserv (HKLM)
O15 - Trusted Zone: http://appserv.legis.state.la.us (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\Software\..\Telephony: DomainName = legis.state.la.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Legis Inventory - Louisiana Legislature - c:\psa\legisinventory\legisinventoryservice.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
  • 0

Advertisements

#2
Dragon
Posted 19 May 2005 - 12:25 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
You have a number of randomonly named files on your system. We like to start with an online virus and trojan scan. Even though you have antivirus software on your system, it can become corrupted by malware.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.
  • 0

#3
cbarro1
Posted 19 May 2005 - 02:25 PM

cbarro1

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here's my new log

Logfile of HijackThis v1.99.1
Scan saved at 3:22:48 PM, on 5/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\psa\legisinventory\legisinventoryservice.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\seeve.exe
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\system32\userinit.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\pjlsdpia.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
c:\windows\system32\tcflfx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\krndll.exe
C:\Program Files\RightFAX\FaxCtrl.exe
C:\Documents and Settings\comreg1\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://government.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.legis.state.la.us./
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxysettings.legis.state.la.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = isaserv:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.legis.state.la.us*,*.gov.state.la.us*,http://www.sos.louisiana.gov:8090,*.lanewsbureau.com*,*.house.louisiana.gov*;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: jimmyhelp.CBrowserHelper - {14709C50-E832-4050-A02C-1E32A53F4C99} - C:\WINDOWS\ccyvahnvb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6b3ef6e2-f4d4-4033-92fb-1ff949099eb6} - (no file)
O2 - BHO: (no name) - {6cfe9025-e923-4a69-982e-3d73a6dc1f3f} - (no file)
O2 - BHO: (no name) - {77261383-3d96-4776-805f-092f237f9d57} - (no file)
O2 - BHO: (no name) - {82783513-c26a-44c0-b6f0-99336dfb4d13} - (no file)
O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll (file missing)
O2 - BHO: (no name) - {9dd0a9e0-e059-4703-aaa2-663d52818243} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {ed421b64-4bc3-4f00-a499-d9332382b155} - (no file)
O2 - BHO: (no name) - {f224531b-e389-49d4-8d05-f45ab66f9d51} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCUpdate] C:\psa\pcupdate\pcupdate.exe
O4 - HKLM\..\Run: [Legiscribe] C:\legis_50\Psawpdlg.exe
O4 - HKLM\..\Run: [jhfaxkrk] C:\WINDOWS\System32\jhfaxkrk.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [oG3m7j] C:\docume~1\comreg1\locals~1\temp\oG3m7j.exe
O4 - HKLM\..\Run: [HRZCB] C:\docume~1\comreg1\locals~1\temp\HRZCB.exe
O4 - HKLM\..\Run: [DEABlC] C:\docume~1\comreg1\locals~1\temp\DEABlC.exe
O4 - HKLM\..\Run: [iLTrZrhh] C:\documents and settings\comreg1\local settings\temp\iLTrZrhh.exe
O4 - HKLM\..\Run: [Dj] C:\documents and settings\comreg1\local settings\temp\Dj.exe
O4 - HKLM\..\Run: [06vNgT] C:\documents and settings\comreg1\local settings\temp\06vNgT.exe
O4 - HKLM\..\Run: [YWEiCwFxQ] C:\documents and settings\comreg1\local settings\temp\YWEiCwFxQ.exe
O4 - HKLM\..\Run: [*winvb] C:\WINDOWS\Web\winvb.exe
O4 - HKLM\..\Run: [Bk1k7KFl] C:\windows\Bk1k7KFl.exe
O4 - HKLM\..\Run: [Be0tNPW] C:\windows\Be0tNPW.exe
O4 - HKLM\..\Run: [9VwCc] C:\documents and settings\comreg1\local settings\temp\9VwCc.exe
O4 - HKLM\..\Run: [f0j5Id] C:\documents and settings\comreg1\local settings\temp\f0j5Id.exe
O4 - HKLM\..\Run: [bx7S9] C:\documents and settings\comreg1\local settings\temp\bx7S9.exe
O4 - HKLM\..\Run: [DI2] "C:\DOCUME~1\comreg1\LOCALS~1\Temp\27.exe\27.exe"
O4 - HKLM\..\Run: [uS] C:\documents and settings\comreg1\local settings\temp\uS.exe
O4 - HKLM\..\Run: [Ak] C:\documents and settings\comreg1\local settings\temp\Ak.exe
O4 - HKLM\..\Run: [p] C:\documents and settings\comreg1\local settings\temp\p.exe
O4 - HKLM\..\Run: [WOiq4v] C:\documents and settings\comreg1\local settings\temp\WOiq4v.exe
O4 - HKLM\..\Run: [LOwO] C:\documents and settings\comreg1\local settings\temp\LOwO.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [qn6O3sj] pjlsdpia.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [jcshmav] c:\windows\system32\tcflfx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bCpERiH3R] krndll.exe
O4 - Startup: [email protected] = C:\Program Files\Radio@Netscape Plus\Program\[email protected]
O4 - Global Startup: RightFAX Print-to-Fax Driver.lnk = ?
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.appserv
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O15 - Trusted Zone: http://appserv.legis.state.la.us
O15 - Trusted Zone: http://*.appserv (HKLM)
O15 - Trusted Zone: http://appserv.legis.state.la.us (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\Software\..\Telephony: DomainName = legis.state.la.us
O17 - HKLM\System\CCS\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = legis.state.la.us
O17 - HKLM\System\CS1\Services\Tcpip\..\{29373ACD-8328-4F4E-BBD0-2E0A8316D462}: Domain = legis.state.la.us
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Legis Inventory - Louisiana Legislature - c:\psa\legisinventory\legisinventoryservice.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
  • 0

#4
Dragon
Posted 19 May 2005 - 04:49 PM

Dragon

    All Around Computer Nut

  • Retired Staff
  • 2,682 posts
You Have a CoolWebSearch Infection.
Please Download CoolWebShredder, from http://www.geekstogo...=download&id=17 , Extract it & run the program. close all browser and windows, including this one, then click the Next Button & let it scan. Make sure you let it fix all CWS Remnants. Afterwards, Please Post a fresh Hijack This log.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP