Thread: security leak??
Posted 10-16-2004, 01:40 PM by roeo727
Another log

OK guys... I ran both Ad-Aware SE in safe and normal modes and removed everything. I ran Spybot in both safe and normal modes and nothing came up in either. Here is a new log. Let me know what you think. Thanks...
P.S. Mobo... thank you for that link for the security settings; that is my next project.

Logfile of HijackThis v1.98.2
Scan saved at 1:38:16 PM, on 10/16/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
C:\PROGRAM FILES\WIN COMM\WINLOCK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton SystemWorks\Norton CleanSweep\Monwow.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\MY DOCUMENTS\ROE'S DOCS\HIGHJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\Verizon Online\WinPoET\winpppoverethernet.exe"
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINDOWS\SYSTEM\USBMonit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Global Startup: Verizon Online.lnk = C:Program FilesVerizon OnlineVOLSWVerizon Online.exe
O9 - Extra button: Control Pad - {28D44DAC-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:PROGRAM FILESVERIZON ONLINECONTROLPADMisca_menu.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clie...nts/y/nt1_x.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clie...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clie...ts/y/dot2_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.scd.yahoo.com/yog/y/fs10_x.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSCo...ol_v1-0-3-0.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.8.3.20/bac...n-ob-assets.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/clie...nts/y/at1_x.cab