|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
|
|
#1
July 26th, 2004, 09:54 AM
|
|||
|
|||
|
Home page problems
I know you genii on this site are busy with all of us amatuers, but i would appreciate if one of you would look at this "hijackthis" log and tell me what to get rid of. I am sure glad you all are here and so generous with your knowlege. Thanks
Logfile of HijackThis v1.97.7 Scan saved at 7:34:45 AM, on 7/26/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe C:\WINDOWS\system32\crypserv.exe C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe C:\mysql\bin\mysqld-nt.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ipdp.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\System32\lxamsp32.exe C:\WINDOWS\system32\sysdr.exe C:\Program Files\Netscape\Netscape\Netscp.exe C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe C:\Program Files\LexmarkX63\ACMonitor_X63.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe C:\Program Files\Trillian\trillian.exe C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\WINDOWS\System32\xl.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HIJACKTHIS\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://lugfd.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\lugfd.dll/sp.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://lugfd.dll/index.html#96676 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\lugfd.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.fsboutah.net/"); (C:\Documents and Settings\Jason D. Barlow\Application Data\Mozilla\Profiles\default\itme6k1o.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jason D. Barlow\Application Data\Mozilla\Profiles\default\itme6k1o.slt\prefs.js) O2 - BHO: (no name) - {B11BCDC9-1DD6-8BB6-933F-3824A67B8492} - C:\WINDOWS\apphk32.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll (file missing) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [lxamsp32.exe] lxamsp32.exe O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sysdr.exe] C:\WINDOWS\system32\sysdr.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo O4 - HKLM\..\RunOnce: [ipdp.exe] C:\WINDOWS\system32\ipdp.exe O4 - HKLM\..\RunOnce: [sdkyw32.exe] C:\WINDOWS\system32\sdkyw32.exe O4 - HKLM\..\RunOnce: [atlvu32.exe] C:\WINDOWS\system32\atlvu32.exe O4 - HKLM\..\RunOnce: [nteh.exe] C:\WINDOWS\system32\nteh.exe O4 - HKLM\..\RunOnce: [ipbc.exe] C:\WINDOWS\system32\ipbc.exe O4 - HKLM\..\RunOnce: [sysfe.exe] C:\WINDOWS\system32\sysfe.exe O4 - HKLM\..\RunOnce: [addrb.exe] C:\WINDOWS\system32\addrb.exe O4 - HKLM\..\RunOnce: [ippc.exe] C:\WINDOWS\ippc.exe O4 - HKLM\..\RunOnce: [javasf.exe] C:\WINDOWS\system32\javasf.exe O4 - HKLM\..\RunOnce: [addql32.exe] C:\WINDOWS\addql32.exe O4 - HKLM\..\RunOnce: [d3mw32.exe] C:\WINDOWS\system32\d3mw32.exe O4 - HKLM\..\RunOnce: [appys32.exe] C:\WINDOWS\system32\appys32.exe O4 - HKLM\..\RunOnce: [d3zc.exe] C:\WINDOWS\d3zc.exe O4 - Startup: Microsoft Outlook.lnk = ? O4 - Startup: MPXPTray.lnk = C:\Program Files\Windows Media Bonus Pack for Windows XP\PowerToys\mpxptray.exe O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe O4 - Global Startup: AcBtnMgr_X63.exe.lnk = C:\Program Files\LexmarkX63\AcBtnMgr_X63.exe O4 - Global Startup: ACMonitor_X63.exe.lnk = C:\Program Files\LexmarkX63\ACMonitor_X63.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeu...ontent/opuc.cab O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
|
|
#2
July 28th, 2004, 05:59 PM
|
|||
|
|||
|
Copy and paste the contents of the Quote box into Notepad and save it to your Desktop as "GetServices.vbs" (without the quotes). Save as type: All Files
Quote:
Go to your Desktop and double click GetServices.vbs It will take a short while to run, your Anti Virus or other script blocking software may warn you of a script trying to run. Allow it to run and a text file of all the running services on your computer will pop-up. Copy and past the contents of that file in your next post. Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickys at the top of the forum before posting!
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Home page problems |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
