
May 2nd, 2005 11:00

myhjt file

I would appreciate someone looking at this file and commenting on it.
​ ​
​ Logfile of HijackThis v1.99.1 ​
​Scan saved at 13:38:41, on 02/05/2005 ​
​Platform: Windows XP SP2 (WinNT 5.01.2600) ​
​MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) ​
​ Running processes: ​
​C:\WINDOWS\System32\smss.exe ​
​C:\WINDOWS\system32\winlogon.exe ​
​C:\WINDOWS\system32\services.exe ​
​C:\WINDOWS\system32\lsass.exe ​
​C:\WINDOWS\system32\svchost.exe ​
​C:\WINDOWS\System32\svchost.exe ​
​C:\WINDOWS\Explorer.EXE ​
​C:\WINDOWS\system32\spoolsv.exe ​
​C:\WINDOWS\MMKeybd.exe ​
​C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe ​
​C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe ​
​C:\Program Files\Softwin\BitDefender Professional Edition\bdnagent.exe ​
​C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe ​
​C:\Program Files\Microsoft AntiSpyware\gcasServ.exe ​
​C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe ​
​C:\Program Files\Prevx Home\SAGUI.exe ​
​C:\PROGRA~1\mcafee.com\agent\mcagent.exe ​
​C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe ​
​C:\Program Files\FarStone\VirtualDrive\VDTask.exe ​
​C:\WINDOWS\System32\tbctray.exe ​
​C:\WINDOWS\system32\ctfmon.exe ​
​C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe ​
​C:\WINDOWS\Nhksrv.exe ​
​C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe ​
​C:\WINDOWS\system32\drivers\crauto.exe ​
​C:\WINDOWS\system32\drivers\IMountSRV.exe ​
​C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe ​
​c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe ​
​C:\WINDOWS\System32\nvsvc32.exe ​
​C:\Program Files\Prevx Home\PXAgent.exe ​
​C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe ​
​C:\Program Files\Netropa\OSD.exe ​
​C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe ​
​C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe ​
​c:\progra~1\softwin\bitdef~1\bdmcon.exe ​
​C:\Program Files\Common Files\Real\Update_OB\realsched.exe ​
​C:\Program Files\Internet Explorer\iexplore.exe ​
​C:\PROGRA~1\FREEDO~1\fdm.exe ​
​C:\HJT\HijackThis.exe ​
​ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ​​http://www.blueyonder.co.uk/​​ ​
​N3 - Netscape 7: user_pref("browser.startup.homepage", " ​​http://home.netscape.com/bookmark/7_1/home.html​​"); (C:\Documents and Settings\GERARD CRAGGS\Application Data\Mozilla\Profiles\default\mzm06e0h.slt\prefs.js) ​
​N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\GERARD CRAGGS\Application Data\Mozilla\Profiles\default\mzm06e0h.slt\prefs.js) ​
​O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC ​
​O1 - Hosts: 69.60.111.224 ​​www.doubleclick.net​​ ​
​O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems ​
​O1 - Hosts: 69.60.111.224 ad.preferences.com ​
​O1 - Hosts: 69.60.111.224 ads.doubleclick.com ​
​O1 - Hosts: 69.60.111.224 ads.infospace.com ​
​O1 - Hosts: 69.60.111.224 ads.msn.com ​
​O1 - Hosts: 69.60.111.224 ads.switchboard.com ​
​O1 - Hosts: 69.60.111.224 doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ads.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad2.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad3.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad4.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad5.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad6.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad7.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad8.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad9.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.linkexchange.com ​
​O1 - Hosts: 69.60.111.224 ads.enliven.com ​
​O1 - Hosts: 69.60.111.224 oz.valueclick.com ​
​O1 - Hosts: 69.60.111.224 banner.linkexchange.com ​
​O1 - Hosts: 69.60.111.224 commonwealth.riddler.com ​
​O1 - Hosts: 69.60.111.224 ad-up.com ​
​O1 - Hosts: 69.60.111.224 ad.adsmart.net ​
​O1 - Hosts: 69.60.111.224 ad.atlas.cz ​
​O1 - Hosts: 69.60.111.224 ad.blm.net ​
​O1 - Hosts: 69.60.111.224 ad.dogpile.com ​
​O1 - Hosts: 69.60.111.224 ad.infoseek.com ​
​O1 - Hosts: 69.60.111.224 ad.net-service.de ​
​O1 - Hosts: 69.60.111.224 adbot.com ​
​O1 - Hosts: 69.60.111.224 ads.criticalmass.com ​
​O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com ​
​O1 - Hosts: 69.60.111.224 ads.filez.com ​
​O1 - Hosts: 69.60.111.224 ads.imagine-inc.com ​
​O1 - Hosts: 69.60.111.224 ads.imdb.com ​
​O1 - Hosts: 69.60.111.224 ads.jwtt3.com ​
​O1 - Hosts: 69.60.111.224 ads.newcitynet.com ​
​O1 - Hosts: 69.60.111.224 ads.realcities.com ​
​O1 - Hosts: 69.60.111.224 ads.realmedia.com ​
​O1 - Hosts: 69.60.111.224 ads.tripod.com ​
​O1 - Hosts: 69.60.111.224 ads.usatoday.com ​
​O1 - Hosts: 69.60.111.224 ads.web.de ​
​O1 - Hosts: 69.60.111.224 ads.web21.com ​
​O1 - Hosts: 69.60.111.224 adserv.newcentury.net ​
​O1 - Hosts: 69.60.111.224 adservant.guj.de ​
​O1 - Hosts: 69.60.111.224 adservant.mediapoint.de ​
​O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com ​
​O1 - Hosts: 69.60.111.224 advert.heise.de ​
​O1 - Hosts: 69.60.111.224 banners.internetextra.com ​
​O1 - Hosts: 69.60.111.224 bannerswap.com ​
​O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de ​
​O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net ​
​O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net ​
​O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com ​
​O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com ​
​O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net ​
​O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net ​
​O1 - Hosts: 69.60.111.224 ad.preferances.com ​
​O1 - Hosts: 69.60.111.224 ad.doubleclick.com ​
​O1 - Hosts: 69.60.111.224 adforce.adtech.de ​
​O1 - Hosts: 69.60.111.224 adforce.imgis.com ​
​O1 - Hosts: 69.60.111.224 adimage.blm.net ​
​O1 - Hosts: 69.60.111.224 adlink.deh.de ​
​O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com ​
​O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.linksynergy.com ​
​O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad.sma.punto.net ​
​O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net ​
​O1 - Hosts: 69.60.111.224 ad08.focalink.com ​
​O1 - Hosts: 69.60.111.224 adcontroller.unicast.com ​
​O1 - Hosts: 69.60.111.224 adimg.egroups.com ​
​O1 - Hosts: 69.60.111.224 admedia.xoom.com ​
​O1 - Hosts: 69.60.111.224 adremote.pathfinder.com ​
​O1 - Hosts: 69.60.111.224 ads.bfast.com ​
​O1 - Hosts: 69.60.111.224 ads.clickhouse.com ​
​O1 - Hosts: 69.60.111.224 adpick.switchboard.com ​
​O1 - Hosts: 69.60.111.224 ads.fairfax.com.au ​
​O1 - Hosts: 69.60.111.224 ads.fool.com ​
​O1 - Hosts: 69.60.111.224 ads.freshmeat.net ​
​O1 - Hosts: 69.60.111.224 ads.hollywood.com ​
​O1 - Hosts: 69.60.111.224 ads.i33.com ​
​O1 - Hosts: 69.60.111.224 ads.infi.net ​
​O1 - Hosts: 69.60.111.224 ads.link4ads.com ​
​O1 - Hosts: 69.60.111.224 ads.lycos.com ​
​O1 - Hosts: 69.60.111.224 ads.madison.com ​
​O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com ​
​O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au ​
​O1 - Hosts: 69.60.111.224 ads.seattletimes.com ​
​O1 - Hosts: 69.60.111.224 ads.smartclicks.com ​
​O1 - Hosts: 69.60.111.224 ads.smartclicks.net ​
​O1 - Hosts: 69.60.111.224 ads.sptimes.com ​
​O1 - Hosts: 69.60.111.224 ads.web.aol.com ​
​O1 - Hosts: 69.60.111.224 ads.x10.com ​
​O1 - Hosts: 69.60.111.224 ads.xtra.co.nz ​
​O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll ​
​O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ​
​O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll ​
​O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll ​
​O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - (no file) ​
​O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll ​
​O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe ​
​O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe ​
​O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe ​
​O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize ​
​O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe ​
​O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\\bdswitch.exe ​
​O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" ​
​O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot ​
​O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe ​
​O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe ​
​O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll ​
​O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe ​
​O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe ​
​O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe ​
​O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe ​
​O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup ​
​O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore ​
​O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe ​
​O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe ​
​O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe ​
​O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE ​
​O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html ​
​O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html ​
​O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html ​
​O8 - Extra context menu item: Download all by Free Download Manager - ​​file://C:\Program​​ Files\Free Download Manager\dlall.htm ​
​O8 - Extra context menu item: Download by Free Download Manager - ​​file://C:\Program​​ Files\Free Download Manager\dllink.htm ​
​O8 - Extra context menu item: Download selected by Free Download Manager - ​​file://C:\Program​​ Files\Free Download Manager\dlselected.htm ​
​O8 - Extra context menu item: Download web site by Free Download Manager - ​​file://C:\Program​​ Files\Free Download Manager\dlpage.htm ​
​O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 ​
​O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html ​
​O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html ​
​O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll ​
​O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll ​
​O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll ​
​O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll ​
​O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ​
​O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - ​​http://support.dell.com/systemprofiler/SysPro.CAB​​ ​
​O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - ​​http://www.drivershq.com/cab/prod/DD_v4.CAB​​ ​
​O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - ​​http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409​​ ​
​O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - ​​http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB​​ ​
​O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - ​​http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab​​ ​
​O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - ​​http://ds1.downloadtech.net/cn1060/pcpowerscan.cab​​ ​
​O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll ​
​O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows\system32\ypldpl.dll ​
​O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe ​
​O23 - Service: crauto - Unknown owner - C:\WINDOWS\system32\drivers\crauto.exe ​
​O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\system32\drivers\IMountSRV.exe ​
​O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe ​
​O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe ​
​O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing) ​
​O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe ​
​O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe ​
​O23 - Service: PMounter - Unknown owner - C:\Paragon HDM\Ext2\PMounter.exe ​
​O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing) ​
​O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe ​
​O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe ​
​ ​
​ regards ​
​ ​
​ gerry ​
​ ​

3 Apprentice • 8.8K Posts

May 2nd, 2005 16:00

Hi and welcome,


Be sure to look this solution over before you begin. There are some item(s) I'm not familiar with. If you recognize any, then just omit them from this fix.



Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update"

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the update".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"




Run HiJackThis and click "Scan", then check (tick) the following, if present:


O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 www.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.doubleclick.net #remove this for atomfilms problems
O1 - Hosts: 69.60.111.224 ad.preferences.com
O1 - Hosts: 69.60.111.224 ads.doubleclick.com
O1 - Hosts: 69.60.111.224 ads.infospace.com
O1 - Hosts: 69.60.111.224 ads.msn.com
O1 - Hosts: 69.60.111.224 ads.switchboard.com
O1 - Hosts: 69.60.111.224 doubleclick.net
O1 - Hosts: 69.60.111.224 ads.doubleclick.net
O1 - Hosts: 69.60.111.224 ad2.doubleclick.net
O1 - Hosts: 69.60.111.224 ad3.doubleclick.net
O1 - Hosts: 69.60.111.224 ad4.doubleclick.net
O1 - Hosts: 69.60.111.224 ad5.doubleclick.net
O1 - Hosts: 69.60.111.224 ad6.doubleclick.net
O1 - Hosts: 69.60.111.224 ad7.doubleclick.net
O1 - Hosts: 69.60.111.224 ad8.doubleclick.net
O1 - Hosts: 69.60.111.224 ad9.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.ch.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linkexchange.com
O1 - Hosts: 69.60.111.224 ads.enliven.com
O1 - Hosts: 69.60.111.224 oz.valueclick.com
O1 - Hosts: 69.60.111.224 banner.linkexchange.com
O1 - Hosts: 69.60.111.224 commonwealth.riddler.com
O1 - Hosts: 69.60.111.224 ad-up.com
O1 - Hosts: 69.60.111.224 ad.adsmart.net
O1 - Hosts: 69.60.111.224 ad.atlas.cz
O1 - Hosts: 69.60.111.224 ad.blm.net
O1 - Hosts: 69.60.111.224 ad.dogpile.com
O1 - Hosts: 69.60.111.224 ad.infoseek.com
O1 - Hosts: 69.60.111.224 ad.net-service.de
O1 - Hosts: 69.60.111.224 adbot.com
O1 - Hosts: 69.60.111.224 ads.criticalmass.com
O1 - Hosts: 69.60.111.224 ads.csi.emcweb.com
O1 - Hosts: 69.60.111.224 ads.filez.com
O1 - Hosts: 69.60.111.224 ads.imagine-inc.com
O1 - Hosts: 69.60.111.224 ads.imdb.com
O1 - Hosts: 69.60.111.224 ads.jwtt3.com
O1 - Hosts: 69.60.111.224 ads.newcitynet.com
O1 - Hosts: 69.60.111.224 ads.realcities.com
O1 - Hosts: 69.60.111.224 ads.realmedia.com
O1 - Hosts: 69.60.111.224 ads.tripod.com
O1 - Hosts: 69.60.111.224 ads.usatoday.com
O1 - Hosts: 69.60.111.224 ads.web.de
O1 - Hosts: 69.60.111.224 ads.web21.com
O1 - Hosts: 69.60.111.224 adserv.newcentury.net
O1 - Hosts: 69.60.111.224 adservant.guj.de
O1 - Hosts: 69.60.111.224 adservant.mediapoint.de
O1 - Hosts: 69.60.111.224 adserver-espnet.sportszone.com
O1 - Hosts: 69.60.111.224 advert.heise.de
O1 - Hosts: 69.60.111.224 banners.internetextra.com
O1 - Hosts: 69.60.111.224 bannerswap.com
O1 - Hosts: 69.60.111.224 dino.mainz.ibm.de
O1 - Hosts: 69.60.111.224 Garden.ngadcenter.net
O1 - Hosts: 69.60.111.224 Ogilvy.ngadcenter.net
O1 - Hosts: 69.60.111.224 ResponseMedia-ad.flycast.com
O1 - Hosts: 69.60.111.224 Suissa-ad.flycast.com
O1 - Hosts: 69.60.111.224 UGO.eu-adcenter.net
O1 - Hosts: 69.60.111.224 VNU.eu-adcenter.net
O1 - Hosts: 69.60.111.224 ad.preferances.com
O1 - Hosts: 69.60.111.224 ad.doubleclick.com
O1 - Hosts: 69.60.111.224 adforce.adtech.de
O1 - Hosts: 69.60.111.224 adforce.imgis.com
O1 - Hosts: 69.60.111.224 adimage.blm.net
O1 - Hosts: 69.60.111.224 adlink.deh.de
O1 - Hosts: 69.60.111.224 ad-adex3.flycast.com
O1 - Hosts: 69.60.111.224 ad.ca.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.de.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.fr.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.jp.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.linksynergy.com
O1 - Hosts: 69.60.111.224 ad.nl.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.no.doubleclick.net
O1 - Hosts: 69.60.111.224 ad.sma.punto.net
O1 - Hosts: 69.60.111.224 ad.uk.doubleclick.net
O1 - Hosts: 69.60.111.224 ad08.focalink.com
O1 - Hosts: 69.60.111.224 adcontroller.unicast.com
O1 - Hosts: 69.60.111.224 adimg.egroups.com
O1 - Hosts: 69.60.111.224 admedia.xoom.com
O1 - Hosts: 69.60.111.224 adremote.pathfinder.com
O1 - Hosts: 69.60.111.224 ads.bfast.com
O1 - Hosts: 69.60.111.224 ads.clickhouse.com
O1 - Hosts: 69.60.111.224 adpick.switchboard.com
O1 - Hosts: 69.60.111.224 ads.fairfax.com.au
O1 - Hosts: 69.60.111.224 ads.fool.com
O1 - Hosts: 69.60.111.224 ads.freshmeat.net
O1 - Hosts: 69.60.111.224 ads.hollywood.com
O1 - Hosts: 69.60.111.224 ads.i33.com
O1 - Hosts: 69.60.111.224 ads.infi.net
O1 - Hosts: 69.60.111.224 ads.link4ads.com
O1 - Hosts: 69.60.111.224 ads.lycos.com
O1 - Hosts: 69.60.111.224 ads.madison.com
O1 - Hosts: 69.60.111.224 ads.mediaodyssey.com
O1 - Hosts: 69.60.111.224 ads.ninemsn.com.au
O1 - Hosts: 69.60.111.224 ads.seattletimes.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.com
O1 - Hosts: 69.60.111.224 ads.smartclicks.net
O1 - Hosts: 69.60.111.224 ads.sptimes.com
O1 - Hosts: 69.60.111.224 ads.web.aol.com
O1 - Hosts: 69.60.111.224 ads.x10.com
O1 - Hosts: 69.60.111.224 ads.xtra.co.nz

O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - (no file)

O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows\system32\ypldpl.dll


Now, with all windows closed except HiJackThis, click "Fix checked".




When you're done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src ( or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.



Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:

files...

c:\windows\system32\ypldpl.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".



Post back a new log, and let me know how everything goes.

-

Steve
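The entries ticked in the fix list above follow two patterns that can be checked mechanically: O1 Hosts lines that point a name (including `localhost`) at a routable address instead of a loopback or null address, and O2 BHO entries whose target is `(no file)`. The sketch below is an added example, not part of the original thread and not HijackThis's own logic; it flags both patterns and lists which entries disappeared between two scans. The sample logs are constructed excerpts of the logs in this thread, and the `127.0.0.1 blocked.example` line is a made-up benign blocklist entry for contrast.

```python
import ipaddress
import re

# "O1 - Hosts: ..." / "O21 - SSODL: ..." etc. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")


def parse_entries(log_text):
    """Return [(code, body)] for the R*/N*/O* lines of a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        # Forum copies often carry zero-width spaces around each line.
        line = raw.strip().strip("\u200b").strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def is_blackhole(ip):
    """True for addresses a legitimate ad-blocking hosts file uses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def suspicious(entries):
    """Flag redirected hosts entries and orphaned BHOs; returns (code, body, reason)."""
    findings = []
    for code, body in entries:
        if code == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_blackhole(m.group("ip")):
                what = "localhost" if m.group("name").lower() == "localhost" else "hostname"
                findings.append((code, body, f"{what} redirected to {m.group('ip')}"))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, body, "orphaned: target file missing"))
    return findings


def removed_between(before, after):
    """Entries present in the first scan and absent from the rescan."""
    after_set = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in after_set]


# Constructed excerpt modelled on the first log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O1 - Hosts: 69.60.111.224 localhost #this is not an ad server this is your PC
O1 - Hosts: 69.60.111.224 ads.msn.com
O1 - Hosts: 127.0.0.1 blocked.example
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IMTHelper Class - {FA1A6CC3-BE63-4f7c-A455-417D35A67DA6} - (no file)
O21 - SSODL: SysTrayCheck - {BC737725-6D77-468a-BA40-DD6B7B861472} - c:\windows\system32\ypldpl.dll
"""

# Constructed excerpt modelled on the rescan posted after the fix.
AFTER = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 127.0.0.1 blocked.example
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
"""

if __name__ == "__main__":
    for code, body, reason in suspicious(parse_entries(BEFORE)):
        print(f"[{code}] {reason}: {body}")
    print("Removed by the fix:")
    for code, body in removed_between(BEFORE, AFTER):
        print(f"  {code} - {body}")
```

Entries such as the O21 line are not flagged by these two rules; they only show up in the before/after comparison and still need a reviewer's judgement.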

2 Posts

May 14th, 2005 11:00

Thank you, this seems to have worked. I have enclosed the new report

regards

gerry.

 

Logfile of HijackThis v1.99.1
Scan saved at 13:26:44, on 14/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\MMKeybd.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\progra~1\softwin\bitdef~1\bdnagent.exe
C:\Program Files\Softwin\BitDefender Professional Edition\bdswitch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Prevx Home\SAGUI.exe
C:\progra~1\softwin\bitdef~1\bdmcon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\System32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\drivers\crauto.exe
C:\WINDOWS\system32\drivers\IMountSRV.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx Home\PXAgent.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Netropa\OSD.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
N3 - Netscape 7: user_pref("browser.startup.homepage", " http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\GERARD CRAGGS\Application Data\Mozilla\Profiles\default\mzm06e0h.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", " http://www.google.com/"); (C:\Documents and Settings\GERARD CRAGGS\Application Data\Mozilla\Profiles\default\mzm06e0h.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [BDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender Professional Edition\\bdswitch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe
O4 - HKLM\..\Run: [Encrypted Disk Auto Mount] rundll32.exe edshell.dll,MountAll
O4 - HKLM\..\Run: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\System32\tbctray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/cab/prod/DD_v4.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.euro.dell.com/global/apps/systemprofiler/PROFILER.CAB
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/shared/McMySec/en-us/1,0,0,2/mcmysec.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: crauto - Unknown owner - C:\WINDOWS\system32\drivers\crauto.exe
O23 - Service: IMountSRV - Unknown owner - C:\WINDOWS\system32\drivers\IMountSRV.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMounter - Unknown owner - C:\Paragon HDM\Ext2\PMounter.exe
O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Home\PXAgent.exe" -f (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender Professional Edition\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

3 Apprentice • 8.8K Posts

May 14th, 2005 17:00

Good work!

You killed them dirty dogs.

Now we just have to do clean up:


Download CleanUp and run it.


Disable and Enable System Restore.
- If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Managing Windows Millennium System Restore
or
Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.

    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use an Anti Virus Software
    - It is very important that your computer has an anti-virus software
    running on your machine. This alone can save you a lot of trouble with
    malware in the future. See this link for a listing of some on line
    & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software
    - It is imperative that you update your Anti virus software at least
    once a week (Even more if you wish). If you do not update your anti
    virus software then it will not be able to catch any of the new
    variants that may come out.
  • Use a Firewall
    - I can not stress how important it is that you use a Firewall on your
    computer. Without a firewall your computer is susceptible to being
    hacked and taken over. Simply using a Firewall in its default
    configuration can lower your risk greatly. For an article on Firewalls
    and a listing of some available ones see the link below:

    Computer Safety On line - Software Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com
    regularly. This will ensure your computer has always the latest
    security updates available installed on your computer. If there are new
    updates to install, install them immediately, reboot your computer, and
    revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on
    your computer alongside your virus protection. You should also scan
    your computer with the program on a regular basis just as you would an anti
    virus software. A tutorial on installing & using this product can
    be found here:

    Instructions for - Spybot S & D and Ad-aware

  • Install Ad-Aware
    - Install and download Ad-Aware. You should also scan your computer
    with the program on a regular basis just as you would an anti virus
    software in conjunction with Spybot. A tutorial on installing &
    using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

  • Install SpywareBlaster
    - SpywareBlaster will add a large list of programs and sites into
    your Internet Explorer settings that will protect you from running and
    downloading known malicious programs. An article on anti-malware
    products with links for this program and others can be found here:

    Computer Safety on line - Anti-Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Follow this list and your potential for being infected again will reduce dramatically.

    Steve