Thread: security leak??
Posted 10-16-2004, 07:28 AM by roeo727

I have attached a log and would like you to look at it. I can't seem to stay 'clean' and was wondering if I need to check different things in my Internet options Security or Advanced tabs. Last night my son was on the computer and when we ran Ad-Aware SE... 149 things came up and the computer wouldn't fix them. It just kind of froze on fixing selection. I'll try it again this afternoon, but in the meantime if you could look at this log and let me know what you think, I would sincerely appreciate it.

Logfile of HijackThis v1.98.2
Scan saved at 7:29:02 AM, on 10/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:PROGRAM FILESCOMMON FILESSYMANTEC SHAREDSYMTRAY.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:PROGRAM FILESVERIZON ONLINEWINPOETWINPPPOVERETHERNET.EXE
C:WINDOWSSYSTEMUSBMONIT.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON ANTIVIRUSNAVAPW32.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON UTILITIESNPROTECT.EXE
C:WINDOWSSYSTEMATIPTAXX.EXE
C:PROGRAM FILESWIN COMMWINCOMM.EXE
C:PROGRAM FILESWEB_REBATESWEBREBATES0.EXE
C:PROGRAM FILESWIN COMMWINLOCK.EXE
C:WINDOWSSYSTEMOAEIXA.EXE
C:PROGRAM FILESNORTON SYSTEMWORKSNORTON CLEANSWEEPCSINSM32.EXE
C:Program FilesNorton SystemWorksNorton CleanSweepMonwow.exe
C:WINDOWSSYSTEMWMIEXE.EXE
C:PROGRAM FILESWEB_REBATESWEBREBATES1.EXE
C:MY DOCUMENTSROE'S DOCSHIGHJACK THISHIJACKTHIS.EXE
C:PROGRAM FILESINTERNET EXPLORERIEXPLORE.EXE

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...=ie&ar=iesearch
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:WINDOWS2_0_1browserhelper2.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:WINDOWSNEM219.DLL
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:WINDOWSSYSTEMMSBE.DLL
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWStaskmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..Run: [a-winpoet-service] "C:Program FilesVerizon OnlineWinPoETwinpppoverethernet.exe"
O4 - HKLM..Run: [Gene USB Monitor] C:WINDOWSSYSTEMUSBMonit.exe
O4 - HKLM..Run: [NAV Agent] C:PROGRA~1NORTON~2NORTON~1NAVAPW32.EXE
O4 - HKLM..Run: [NPROTECT] C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O4 - HKLM..Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM..Run: [QuickTime Task] "C:WINDOWSSYSTEMQTTASK.EXE" -atboottime
O4 - HKLM..Run: [Symantec NetDriver Monitor] C:PROGRA~1SYMNET~1SNDMON.EXE
O4 - HKLM..Run: [Win Comm] C:PROGRAM FILESWIN COMMWINCOMM.EXE
O4 - HKLM..Run: [WebRebates0] "C:PROGRAM FILESWEB_REBATESWebRebates0.exe"
O4 - HKLM..Run: [rhfmvbfpbh] C:WINDOWSSYSTEMoaeixa.exe
O4 - HKLM..RunServices: [ScriptBlocking] "C:Program FilesCommon FilesSymantec SharedScript BlockingSBServ.exe" -reg
O4 - HKLM..RunServices: [SymTray - Norton SystemWorks] C:Program FilesCommon FilesSymantec SharedSymTray.exe "Norton SystemWorks"
O4 - HKLM..RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:Program FilesNorton SystemWorksNorton CleanSweepcsinsm32.exe
O4 - Global Startup: Verizon Online.lnk = C:Program FilesVerizon OnlineVOLSWVerizon Online.exe
O8 - Extra context menu item: Web Rebates - file://C:PROGRAM FILESWEB_REBATESSy1150Tp1150scri1150a.htm
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:PROGRAM FILESVERIZON ONLINECONTROLPADMisca_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:PROGRAM FILESAIM95AIM.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clie...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clie...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSCo...ol_v1-0-3-0.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.3.20/bac...n-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at1_x.cab

Thank you....
Rosemary