Messages - scv8

1
Tech Clinic / Having problems (here's my HJT log)
« on: February 05, 2005, 12:30:05 PM »
Hi Guestolo,

I was able to stay on long enough to do the Trendmicro virus scan and you're right, there are several Trojans and infected files.

There are a few that it can't delete because it says they are in use. Is there a way to stop them and rescan to delete?

Thank you

2
Tech Clinic / Having problems (here's my HJT log)
« on: February 02, 2005, 10:39:48 PM »
Guestolo- Thank you for not giving up on me after I failed to follow instructions. I'm working on the online scan (it's taking a while), and will post a new log.

I will restore those legit entries.

I apologize and thank you!

3
Tech Clinic / Having problems (here's my HJT log)
« on: February 01, 2005, 09:40:39 PM »
Thank you so much for staying with me!

Servicefilter:

The script did not recognize the services listed below.
This does not mean that they are a problem.

To copy the entire contents of this document for posting:
At the top of this window click "Edit" then "Select All"
Next click "Edit" again then "Copy"
Now right click in the forum post box then click "Paste"

########################################

ServiceFilter 1.1
by rand1038

Microsoft Windows XP Home Edition
Version: 5.1.2600 Service Pack 1
Feb 1, 2005 9:39:20 PM


===> Begin Service Listing <===

Unknown Service #1
Service Name: SwPrv
Display Name: MS Software Shadow Copy Provider
Start Mode: Manual
Start Name: LocalSystem
Description: Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this ...
Service Type: Own Process
Path: c:\windows\system32\dllhost.exe /processid:{f79a1568-d6c5-4c69-a086-936cf52dbbe3}
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 2
Service Name: TUWinStylerThemeSvc
Display Name: TuneUp WinStyler Theme Service
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Own Process
Path: c:\program files\tuneup utilities 2004\winstylerthemesvc.exe
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

Unknown Service # 3
Service Name: %AF夶À¨
Display Name: Network Security Service (NSS)
Start Mode: Auto
Start Name: LocalSystem
Description: ...
Service Type: Share Process
Path: c:\windows\system32\addzh32.exe /s
State: Stopped
Process ID: 0
Started: False
Exit Code: 1077
Accept Pause: False
Accept Stop: False

---> End Service Listing <---

There are 77 Win32 services on this machine.
3 were unrecognized.

Script Execution Time: 9.859375 seconds.

4
Tech Clinic / Having problems (here's my HJT log)
« on: February 01, 2005, 09:04:31 PM »
guestolo-

Thank you sir for your time!

Here's everything restored and a fresh log. Thank you!!

Logfile of HijackThis v1.99.0
Scan saved at 9:04:23 PM, on 2/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\soft.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://acc.count-all.com/--/?seojz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acc.count-all.com/-/?seojz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://acc.count-all.com/--/?seojz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?seojz
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dccwy.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://acc.count-all.com/--/?seojz
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.alfa-search.com/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R3 - Default URLSearchHook is missing
F1 - win.ini: run=C:\WINDOWS\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo\info32.exe
F2 - REG:system.ini: Shell=Explorer.exe,sysdisk16.exe -shell
F3 - REG:win.ini: run=C:\WINDOWS\System32\soft.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C4EA8D2-2AB1-E54D-DA75-3B904D318D63} - C:\WINDOWS\d3qi32.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: BHO Class - {575A5AE9-B68E-4BEB-BACB-FE430448C654} - C:\WINDOWS\System32\WinSuck.dll
O2 - BHO: (no name) - {5C373BD8-E281-13C6-522B-88C77370ADEB} - C:\WINDOWS\system32\mfcya32.dll
O2 - BHO: (no name) - {8F99086A-1ECC-586D-E124-EE5C740E2067} - C:\WINDOWS\system32\mfcyk32.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C19B9125-B9FB-3BFD-7568-61F62B879410} - C:\WINDOWS\system32\apisl32.dll
O2 - BHO: (no name) - {CDBFF8B8-534F-BC18-7B33-92AC735C119A} - C:\WINDOWS\system32\ntti32.dll
O2 - BHO: (no name) - {DAA0C15D-0C3B-5FF6-7BB5-B86285276180} - C:\WINDOWS\system32\javawi.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O2 - BHO: BHO Class - {F6053709-5723-454E-AB9D-7FC7E681AFA5} - C:\WINDOWS\System32\WinTitle.dll
O2 - BHO: (no name) - {F81BD8D0-C985-F72A-039B-77B9FB1B7790} - C:\WINDOWS\system32\mfcql.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvppc32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [appak32.exe] C:\WINDOWS\SYSTEM32\appak32.exe
O4 - HKLM\..\Run: [Virus Scan] virusscan.exe
O4 - HKLM\..\Run: [WinMgr32] C:\WINDOWS\System32\winmgr.exe
O4 - HKLM\..\Run: [IPConfig] svcxnv32.exe
O4 - HKLM\..\Run: [javaqg32.exe] C:\WINDOWS\system32\javaqg32.exe
O4 - HKLM\..\Run: [DllCacherv2] C:\WINDOWS\System32\dllcachv1.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Winsock Wrapper] C:\WINDOWS\System32\ws2_32s.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\RunOnce: [javadc.exe] C:\WINDOWS\javadc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IPConfig] svcxnv32.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Memory Stick Monitor.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B457DB9-45CC-4A93-8244-C53209161C2E}: NameServer = 207.69.188.187 207.69.188.186
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com VirusScan Online Realtime Engine - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: TuneUp WinStyler Theme Service - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\system32\addzh32.exe (file missing)

5
Tech Clinic / Having problems (here's my HJT log)
« on: February 01, 2005, 08:49:25 PM »
Hello,

I'm having many problems with spyware and IE closing on me.

I know how to start in safe mode and I've adjusted to show hidden files (but that's about all I know). I've tried fixing it with HJT and have deleted some things. I would greatly appreciate any assistance!!

Here's my log:

Logfile of HijackThis v1.99.0
Scan saved at 8:47:57 PM, on 2/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\soft.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvppc32.exe
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.addictivetechnologies.net
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.f1organizer.com
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.megapornix.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.private-iframe.biz
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: v3cab - http://searchmiracle.com/cab/10.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
