Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Try It Free
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection
Reload this Page

HiJack This Download

Discuss HiJack This Download in the Antivirus Protection forum on Dev Shed.
HiJack This Download Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Be the architects of evolution and help create the mobile internet future. It’s your move---enter to win here!
  #1  
Old December 31st, 2004, 12:40 PM
Deboraleewill Deboraleewill is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Posts: 3 Deboraleewill User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
HiJack This Download
I DOWN LOADED HIJACK SOFTWARE, BUT I DO NOT UNDERSTAND THIS LOG... HELP! I ALSO HAVE SPYBOT. EVERYTIME I SEARCH AND DESTROY I KEEP GETTING DSO'S AND IE PLUGIN'S.

Logfile of HijackThis v1.99.0
Scan saved at 11:35:10 AM, on 12/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\QUICK HEAL\CATEYE95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\QUICK HEAL\MAILSVR.EXE
C:\PROGRAM FILES\QUICK HEAL\QHM32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\QUICK HEAL\UPSCHD.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\RK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\AFTER SHOT\IXAPPLET.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\NEWSFLSH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: CCEZTracksPlugin Object - {3023AF97-870E-476A-B30E-3923DF2B84BD} - C:\Program Files\EZTRACKS\eztracks_ieplug.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\NEWFOL~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\SYSTEM\QUICKTIME\QUICKTIMEUPDATEHELPER.EXE" -uninstallwithapps -destfullpath "C:\Program Files\QuickTime\QuickTimeUpdater.exe" -sourcefullpath "C:\Program Files\QuickTime\TempUpdater.exe" -atboottime "QuickTime Update Completion 0"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system\rk.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O4 - Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.298004150390625&file=stamps.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06af999e22357ec9ac00/netzip/RdxIE601.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9168e0dd849aa316e9bc12446b736fdb91deb70146bb5a4a3e9c7b4135c1a5b3531611855e695fb77cbb3504892658d1b3 e14df7c5ef026d6b630aed1d241b7f:10dc9c5f8abb4d115429d2d2b4e511ef
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/downloader/cab/interstitial/eztdl.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2416.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
Reply With Quote
  #2  
Old December 31st, 2004, 12:57 PM
edwinbrains's Avatar
edwinbrains edwinbrains is offline
Retired Moderator
Dev Shed God 4th Plane (6500 - 6999 posts)
  
Join Date: Jan 2004
Location: London, UK
Posts: 6,670 edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced Folder
Time spent in forums: 1 Week 6 Days 23 h 36 m 40 sec
Reputation Power: 92
Thread split - it's better to create a new thread rather than replying to someone else's thread.
__________________
- Edwin -

The General Rules Thread | The General FAQ Thread
Reply With Quote
  #3  
Old December 31st, 2004, 02:07 PM
Deboraleewill Deboraleewill is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Posts: 3 Deboraleewill User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
I Need Help With My Hijack Log Report
CAN SOMEONE HELP ME WITH THIS LOG?

Logfile of HijackThis v1.99.0
Scan saved at 11:35:10 AM, on 12/31/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\QUICK HEAL\CATEYE95.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PRINTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\QUICK HEAL\MAILSVR.EXE
C:\PROGRAM FILES\QUICK HEAL\QHM32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\QUICK HEAL\UPSCHD.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\RK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\JASC SOFTWARE INC\AFTER SHOT\IXAPPLET.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\COMMON FILES\MYSOFTWARE\NEWSFLSH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPRINT VIRTUAL ASSISTANT\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sprint.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: CCEZTracksPlugin Object - {3023AF97-870E-476A-B30E-3923DF2B84BD} - C:\Program Files\EZTRACKS\eztracks_ieplug.dll
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\LOCALNRD.DLL
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\NEWFOL~1\SPYWAR~1\TOOLS\IESDSG.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Quick Heal e-mail Protection] C:\PROGRA~1\QUICKH~1\MailSvr.exe
O4 - HKLM\..\Run: [QH Office 2K Check] C:\PROGRA~1\QUICKH~1\O2KCHECK.EXE /CHECK
O4 - HKLM\..\Run: [Quick Heal Messenger] C:\PROGRA~1\QUICKH~1\QHM32.EXE
O4 - HKLM\..\Run: [QH Live Update Scheduler] C:\PROGRA~1\QUICKH~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\SYSTEM\QUICKTIME\QUICKTIMEUPDATEHELPER.EXE" -uninstallwithapps -destfullpath "C:\Program Files\QuickTime\QuickTimeUpdater.exe" -sourcefullpath "C:\Program Files\QuickTime\TempUpdater.exe" -atboottime "QuickTime Update Completion 0"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE /start
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [OSS] c:\windows\system\rk.exe -boot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Quick Heal Startup Scan] C:\PROGRA~1\QUICKH~1\QHSTRT32.EXE /CHECK
O4 - HKLM\..\RunServices: [Quick Heal On-Line Protection] C:\PROGRA~1\QUICKH~1\CATEYE.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Camio Viewer.lnk = C:\Program Files\Jasc Software Inc\After Shot\IXApplet.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: Sprint FastConnect virtual assistant.lnk = C:\Program Files\Sprint Virtual Assistant\bin\matcli.exe
O4 - Startup: MySoftware NewsFlash.lnk = C:\Program Files\Common Files\MySoftware\NewsFlsh.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.com/download/us/cab/stamps/stamps.cab?r=0.298004150390625&file=stamps.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06af999e22357ec9ac00/netzip/RdxIE601.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} (CPostLaunch Object) - http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9168e0dd849aa316e9bc12446b736fdb91deb70146bb5a4a3e9c7b4135c1a5b3531611855e695fb77cbb3504892658d1b3 e14df7c5ef026d6b630aed1d241b7f:10dc9c5f8abb4d115429d2d2b4e511ef
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://www.ez-tracks.com/downloader/cab/interstitial/eztdl.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2416.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
Reply With Quote
  #4  
Old December 31st, 2004, 03:13 PM
edwinbrains's Avatar
edwinbrains edwinbrains is offline
Retired Moderator
Dev Shed God 4th Plane (6500 - 6999 posts)
  
Join Date: Jan 2004
Location: London, UK
Posts: 6,670 edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)edwinbrains User rank is Second Lieutenant (5000 - 10000 Reputation Level)  Folding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced FolderFolding Points: 85411 Folding Title: Advanced Folder
Time spent in forums: 1 Week 6 Days 23 h 36 m 40 sec
Reputation Power: 92
How can anyone help you if you close your own thread? I've opened it again. And why repost the same log twice?
Reply With Quote
  #5  
Old December 31st, 2004, 03:39 PM
Deboraleewill Deboraleewill is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Posts: 3 Deboraleewill User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Hijack Log Report
Quote:
Originally Posted by edwinbrains
Thread split - it's better to create a new thread rather than replying to someone else's thread.


Sorry, I'm just learning...
Reply With Quote
  #6  
Old January 4th, 2005, 12:43 PM
Tom Myboy Tom Myboy is offline
Contributing User
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Aug 2003
Posts: 2,491 Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level)Tom Myboy User rank is Sergeant (500 - 2000 Reputation Level) 
Time spent in forums: 3 Days 20 h 13 m 41 sec
Reputation Power: 13
Hi Deboraleewill,

If you have any questions before starting the fix, please ask!

Please download LSPFix from here:

http://cexx.org/LSPFix.exe

Do not run it, just download it for now!

Please go to Start > Control Panel > Add/Remove programs and remove:

New.Net or NewDotNet

If it is not listed in Add/Remove programs please go to:

www.newdotnet.com/removal.html

Please scroll down the page to Procedure 4: Download Uninstall from New.net

Please follow the instructions for removal.

If you lose your internet connection after the removal process, please run LSPFix.exe (don't remove any files listed, just click Finish). That should repair your internet connection.

Please post a fresh HijackThis log.

Tom
__________________
HijackThis
Ad-aware
Spybot Search & Destroy
SpywareBlaster
SpywareGuard
Housecall Online A/V Scan
Please read the stickys at the top of the forum before posting!
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > HiJack This Download

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway