Help Me Out!!! Virus Plz - Page 2

View Poll Results: How many of you are using IPSec?

Voters
16. You may not vote on this poll
  • I am currently using IPSec

    7 43.75%
  • I am not currently uing IPSec

    6 37.50%
  • I plan on implementing IPSec on my network soon.

    3 18.75%
Page 2 of 4 FirstFirst 1234 LastLast
Results 11 to 20 of 31

Thread: Help Me Out!!! Virus Plz

  1. #11
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    hi moderator and swordfish


    Logfile of HijackThis v1.99.0
    Scan saved at 3:43:32 PM, on 12/24/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2462.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MDM.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SYSTEM\CMD32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\APPLICATION DATA\COST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\IR.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 203.200.72.100:80
    O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
    O1 - Hosts: 127.0.0.3 x.full-tgp.net
    O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
    O1 - Hosts: 127.0.0.3 autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.awmdabest.com
    O1 - Hosts: 127.0.0.3 www.sexfiles.nu
    O1 - Hosts: 127.0.0.3 awmdabest.com
    O1 - Hosts: 127.0.0.3 sexfiles.nu
    O1 - Hosts: 127.0.0.3 allforadult.com
    O1 - Hosts: 127.0.0.3 www.allforadult.com
    O1 - Hosts: 127.0.0.3 www.iframe.biz
    O1 - Hosts: 127.0.0.3 iframe.biz
    O1 - Hosts: 127.0.0.3 www.newiframe.biz
    O1 - Hosts: 127.0.0.3 newiframe.biz
    O1 - Hosts: 127.0.0.3 www.vesbiz.biz
    O1 - Hosts: 127.0.0.3 vesbiz.biz
    O1 - Hosts: 127.0.0.3 www.pizdato.biz
    O1 - Hosts: 127.0.0.3 pizdato.biz
    O1 - Hosts: 127.0.0.3 www.aaasexypics.com
    O1 - Hosts: 127.0.0.3 aaasexypics.com
    O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
    O1 - Hosts: 127.0.0.3 virgin-tgp.net
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD.DLL
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {9274D048-5431-11D9-8423-4C00531E4DC6} - C:\WINDOWS\SYSTEM\DLK.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Sbob] C:\WINDOWS\Application Data\cost.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: DLHelperEXE.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Contacts - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - C:\PROGRAM FILES\INTERNET EXPLORER\IECONT.DLL
    O9 - Extra button: (no name) - {233A9694-667E-11d1-9DFB-006097D5040A} - (no file)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.topconverting.com
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.topconverting.com (HKLM)
    O15 - Trusted Zone: *.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted IP range: 67.19.185.246
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111111157} - ms-its:mhtml:file://c:\nosuch.mht!http://209.8.20.130/dl/adv343/x.chm::/load.exe
    O16 - DPF: {33333333-3333-4444-3333-555555555555} - ms-its:mhtml:file://d:\foo.mht!http://kscorporations.com//style.css::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Cl...bridge-c18.cab
    O18 - Filter: text/html - {07C21C40-5432-11D9-8423-4C00F62D97E6} - C:\WINDOWS\SYSTEM\DLK.DLL
    O18 - Filter: text/plain - {07C21C40-5432-11D9-8423-4C00F62D97E6} - C:\WINDOWS\SYSTEM\DLK.DLL
    O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - (no file)
    Came as strangers,
    met as friends ,
    Parted as one

  2. #12
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    roshaz you can start the following way.

    If you can go online do the following :

    1. Go to windows update site and scan your computer for any security patches. download them all. (this step is most important)

    2. Get a firewall like Zonealarm (this is very easy to configure. just pay attention to what program's you allow access over the internet this will also allow you to stop that malware from going online.

    3. update your norton and scan your entire computer (all the drive's). remember NOT TO EXCLUDE ANY FILES OR FILE TYPE'S. ALSO CHANGE YOUR BLOODHOUND SETTINGS IN NORTON TO MAXIMUM. <----- "DO THE SCAN IN " SAFE MODE ". DELETE ALL FILES NO QUARANTINE.

    4. now run your spy-bot (update it first) in safe mode to and see that you include your donload directories too. (this can be done by starting spy-bot in advanced mode then settings and then directories) if you dont know how to start in advanced mode just start spy-bot then from upper menu's select Mode>Advanced mode.

    5. Uninstall any P2P program and any unwanted program.

    If done correctly your the malware should be gone. but for precaution

    download spywareblaster and spywareguard from www.javacoolsoftware.com

    also get your computer scanned online at http://housecall.trendmicro.com

    and if you can (and i think you should) change your browser to firefox which can be downloaded from :
    http://www.mozilla.org/products/firefox/central.html.

    Hope this help's. keep us updated .
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  3. #13
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    greeting's

    start internet explorer. then do the following.
    Tools>internet option>Security>Trusted site's and remove all site's from here. <---- very important you do this.

    Now change your internet settings you medium and then click on default level and

    1. disable loading of active-x component's better still make all active-x related settings to "DISABLE"

    like i said before get mozilla firefox.

    Also update your computer now go to windowsupdate site. you will never be able to get malware out of your system if you dont patch it.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  4. #14
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    also it looks like your host file is completely infested.

    go to your host file (i am not sure where it is in winndows 98) but you may try by changing your viewing option to show "ALL FILES" then going to windows directory and opening your host file and removing all entries.


    and for better understanding whats wrong with you PC go to
    http://www.hijackthis.de/logfiles/6f...1490a74a0.html

    I have saved analysis of your hiajckthis log.

    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #15
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    hi ted
    i m a newbie. i have been downloading all sorts of things into the comp.
    i have updated all type of software.
    even now my comp is doin the trend micro thing
    you are scaring me by telling all the jargons.
    wht is host file? pls clarify

    sword fish and moderator where art thou?
    i have done the trusted sites thing
    thanks
    Came as strangers,
    met as friends ,
    Parted as one

  6. #16
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    Ok, basically you computer is totally infested with sex crap. Looking at your hijack this log I can tell you that these:

    O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
    O1 - Hosts: 127.0.0.3 x.full-tgp.net
    O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
    O1 - Hosts: 127.0.0.3 autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
    O1 - Hosts: 127.0.0.3 www.awmdabest.com
    O1 - Hosts: 127.0.0.3 www.sexfiles.nu
    O1 - Hosts: 127.0.0.3 awmdabest.com
    O1 - Hosts: 127.0.0.3 sexfiles.nu
    O1 - Hosts: 127.0.0.3 allforadult.com
    O1 - Hosts: 127.0.0.3 www.allforadult.com
    O1 - Hosts: 127.0.0.3 www.iframe.biz
    O1 - Hosts: 127.0.0.3 iframe.biz
    O1 - Hosts: 127.0.0.3 www.newiframe.biz
    O1 - Hosts: 127.0.0.3 newiframe.biz
    O1 - Hosts: 127.0.0.3 www.vesbiz.biz
    O1 - Hosts: 127.0.0.3 vesbiz.biz
    O1 - Hosts: 127.0.0.3 www.pizdato.biz
    O1 - Hosts: 127.0.0.3 pizdato.biz
    O1 - Hosts: 127.0.0.3 www.aaasexypics.com
    O1 - Hosts: 127.0.0.3 aaasexypics.com
    O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
    O1 - Hosts: 127.0.0.3 virgin-tgp.net

    are not good, you should delete those, also:

    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.topconverting.com
    O15 - Trusted Zone: *.crazywinnings.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.slotchbar.com
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.my-internet.info (HKLM)
    O15 - Trusted Zone: *.flingstone.com (HKLM)
    O15 - Trusted Zone: *.clickspring.net (HKLM)
    O15 - Trusted Zone: *.topconverting.com (HKLM)
    O15 - Trusted Zone: *.crazywinnings.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.slotchbar.com (HKLM)
    O15 - Trusted IP range: 67.19.185.246
    O15 - Trusted IP range: 67.19.185.246 (HKLM)

    don't look good either, maybe think about deleting those.

    I think you should take an hour of your time and do research on all of those things I have pointed out. I just did a quick scan of your log and I'm sure I missed alot of other bad things in your log. Don't go deleting things just because I told you though, you should wait for a mroe experienced hijack this user to come a long and double check, but I can definitly tell you that the things I have listed are not good lol. Make a system restore point before deleting things...
    I am the uber duck!!1
    Proxy Tools

  7. #17
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Ros~

    My nilam, my baljit..............I hope I got those right

    Do a Google search and find AdAware SE and Spybot Search & Destroy.......run these, and an updated anti-virus in SAFE MODE

    Then post the HJT log

    Sorry............I am lazy.........let the donkeys/mules carry the heavy loads?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  8. #18
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    hi nihil
    wht is hjt log.
    i have spybot but how to get the log file.

    i am trying to solve through hijack this.
    but always i get this
    O15 - Trusted IP range: 67.19.185.246
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    no matter how much i delete it. it comes back

    is there anyhow i can delete the temporary files in the IE as my NAV detects all of virus from
    D:\Temporary Internet Files\Content.IE5

    can u also provide info about:
    O2 - BHO: (no name) - {9274D048-5431-11D9-8423-4C00531E4DC6} - C:\WINDOWS\SYSTEM\DLK.DLL
    and when i submitted it in hijack this to analyse my log file then they used a term HIT RATE=-1 %
    wht does it mean
    and
    O4 - Startup: DLHelperEXE.exe
    have you ever heard of this DLhelperexe.exe

    plz help me out

    thanks
    Came as strangers,
    met as friends ,
    Parted as one

  9. #19
    Junior Member
    Join Date
    Dec 2003
    Posts
    22
    i have deleted all the necessary files .
    plz tell me which all more should be fixed through hijackthis

    Logfile of HijackThis v1.99.0
    Scan saved at 11:18:36 AM, on 12/26/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2462.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
    C:\WINDOWS\SYSTEM\HKCMD.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\LVCOMSX.EXE
    C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
    C:\WINDOWS\APPLICATION DATA\COST.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE
    C:\WINDOWS\SYSTEM\IR.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [LVCOMSX] c:\windows\SYSTEM\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
    O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted IP range: 67.19.185.246
    O15 - Trusted IP range: 67.19.185.246 (HKLM)
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab



    as you can see i cannot delete the trusted sites things as they keep on coming
    even when i delete it everytime.

    thanks
    roshaz
    Came as strangers,
    met as friends ,
    Parted as one

  10. #20
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,065
    hmmm.... Those trusted IP ranges do look a little fishy to me but i'd leave them for now... it looks like your log is pretty clean, do you still get those porn icons and pop ups??

    You can clear your temp internet files by going opening internet explorer and clicking "tools" >> "Internet Options" and then click on "delete cookies" and "Delete Files" (click on checkbox to delete all offline crap) and then click on "Clear History". That should do a pretty good job, if you still want more I'll give you instructions for creating a bat file that does a good job...
    I am the uber duck!!1
    Proxy Tools

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides