ktx Posted April 2, 2005 Share Posted April 2, 2005 this is file log Hijackthis Logfile of HijackThis v1.99.1Scan saved at 12:53:47 PM, on 4/2/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\WINDOWS\ntsystem.exeC:\Program Files\Spybot - Search & Destroy\TeaTimer.exeC:\Program Files\Internet Download Manager\IDMan.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZONELABS\vsmon.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\WinRAR\WinRAR.exeC:\DOCUME~1\khamLP\LOCALS~1\Temp\Rar$EX00.282\HijackThis.exeC:\WINDOWS\system32\NOTEPAD.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\khamLP\LOCALS~1\Temp\se.dll/spage.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comO1 - Hosts: 127.0.0.0 http://www.tonesforyourphones.com/us/index.phpO1 - Hosts: 69.20.16.183 auto.search.msn.comO1 - Hosts: 69.20.16.183 search.netscape.comO1 - Hosts: 69.20.16.183 ieautosearchO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" +cO4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKLM\..\Run: [dksystem] C:\WINDOWS\ntsystem.exeO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htmO9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)O9 - Extra button: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU)O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU)O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO15 - Trusted Zone: *.addictivetechnologies.comO15 - Trusted Zone: *.admin2cash.bizO15 - Trusted Zone: *.awmdabest.comO15 - Trusted Zone: *.bettersearch.bizO15 - Trusted Zone: *.c4tdownload.comO15 - Trusted Zone: *.crazywinnings.comO15 - Trusted Zone: *.finefind.nettraffic2cash.bizO15 - Trusted Zone: *.iframe.bizO15 - Trusted Zone: *.megapornix.comO15 - Trusted Zone: *.newiframe.bizO15 - Trusted Zone: *.overpro.comO15 - Trusted Zone: *.private-dialer.bizO15 - Trusted Zone: *.private-iframe.bizO15 - Trusted Zone: *.skoobidoo.comO15 - Trusted Zone: *.slotchbar.comO15 - Trusted Zone: *.sp2admin.bizO15 - Trusted Zone: *.sp2f***ed.bizO15 - Trusted Zone: *.windupdates.comO15 - Trusted Zone: *.skoobidoo.com (HKLM)O15 - Trusted Zone: *.slotchbar.com (HKLM)O15 - Trusted Zone: *.windupdates.com (HKLM)O15 - Trusted IP range: 67.19.185.246O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet ZoneO16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exeO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cabO16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cabO16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://activex.microsoft.com/objects/ocget.dllO16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E486} - http://ione.net/IoneToolbar/IoneToolbar.cabO16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - http://activex.microsoft.com/objects/ocget.dllO17 - HKLM\System\CCS\Services\Tcpip\..\{5E7E96A7-578C-4D2F-8484-6365F9CF2DC4}: NameServer = 10.0.0.2,203.198.0.11O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\hrj4051qe.dllO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exeFile se.dll, desktop.exe , rundll32.exe I delete it after I reset mycomputer but when it appear . Help me ? Link to comment Share on other sites More sharing options...
TomcaT Posted April 2, 2005 Share Posted April 2, 2005 http://hjt.iamnotageek.com/Go here, copy and paste you log into it and then submit it, you are infected with lovely spyware!!! best remove them entries suggested by the parse in Safe Mode. Link to comment Share on other sites More sharing options...
Tarun Posted April 2, 2005 Share Posted April 2, 2005 http://hjt.iamnotageek.com/Go here, copy and paste you log into it and then submit it, you are infected with lovely spyware!!! best remove them entries suggested by the parse in Safe Mode.<{POST_SNAPBACK}>No need, that's why we're here now. ;D Link to comment Share on other sites More sharing options...
Tarun Posted April 2, 2005 Share Posted April 2, 2005 Recommended: Upgrade to SP2 after we say you're officially clean.Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Safe to remove:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\khamLP\LOCALS~1\Temp\se.dll/spage.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.comSafe to remove as malware added these:O1 - Hosts: 127.0.0.0 http://www.tonesforyourphones.com/us/index.phpO1 - Hosts: 69.20.16.183 auto.search.msn.comO1 - Hosts: 69.20.16.183 search.netscape.comO1 - Hosts: 69.20.16.183 ieautosearchSafe to remove cause this file doesn't exist:O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)Safe to remove as download managers don't work:O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootThis is WORM_SPYBOT.GP! Remove this IMMEDIATELY and run Anti-Virus!O4 - HKLM\..\Run: [dksystem] C:\WINDOWS\ntsystem.exeDetails on WORM_SPYBOT.GP here.Safe to remove restrictions added:O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentSafe to remove as download accelerators do not work:O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htmSafe to remove as all files are missing/gone:O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)O9 - Extra button: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU)O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU)How to remove these:To fix these you will need LSPFix. Check off "I know what I'm doing" and add idmmbc.dll to the remove list.O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllSafe to remove as they were more than likely added by malware:O15 - Trusted Zone: *.addictivetechnologies.comO15 - Trusted Zone: *.admin2cash.bizO15 - Trusted Zone: *.awmdabest.comO15 - Trusted Zone: *.bettersearch.bizO15 - Trusted Zone: *.c4tdownload.comO15 - Trusted Zone: *.crazywinnings.comO15 - Trusted Zone: *.finefind.nettraffic2cash.bizO15 - Trusted Zone: *.iframe.bizO15 - Trusted Zone: *.megapornix.comO15 - Trusted Zone: *.newiframe.bizO15 - Trusted Zone: *.overpro.comO15 - Trusted Zone: *.private-dialer.bizO15 - Trusted Zone: *.private-iframe.bizO15 - Trusted Zone: *.skoobidoo.comO15 - Trusted Zone: *.slotchbar.comO15 - Trusted Zone: *.sp2admin.bizO15 - Trusted Zone: *.sp2f***ed.bizO15 - Trusted Zone: *.windupdates.comO15 - Trusted Zone: *.skoobidoo.com (HKLM)O15 - Trusted Zone: *.slotchbar.com (HKLM)O15 - Trusted Zone: *.windupdates.com (HKLM)O15 - Trusted IP range: 67.19.185.246O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet ZoneSafe to remove:O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exeO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cabO16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cabO16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://activex.microsoft.com/objects/ocget.dllO16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E486} - http://ione.net/IoneToolbar/IoneToolbar.cabO16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - http://activex.microsoft.com/objects/ocget.dllSafe to remove. An attempted LOP.com Hijack:O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7E96A7-578C-4D2F-8484-6365F9CF2DC4}: NameServer = 10.0.0.2,203.198.0.11Safe to remove:O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\hrj4051qe.dllI also recommend you download this Anti Malware Package. It contains things like CWShredder and more.If you do not wish to fully download this package, I would highly recommend that you download CWShredder as se.dll is a variant of CoolWebSearch.For best results, boot into Safe Mode and run CWShredder. Link to comment Share on other sites More sharing options...
IcemanND Posted April 2, 2005 Share Posted April 2, 2005 Not sure what this is: (I'd kill it and delete it)Running processes:C:\WINDOWS\ntsystem.exe Link to comment Share on other sites More sharing options...
Tarun Posted April 2, 2005 Share Posted April 2, 2005 Not sure what this is: (I'd kill it and delete it)Running processes:C:\WINDOWS\ntsystem.exe<{POST_SNAPBACK}>Did some quick research and it's a bad worm. Removal shouldn't be too difficult however. Link to comment Share on other sites More sharing options...
matrix0978 Posted April 2, 2005 Share Posted April 2, 2005 I believe you can delete the ntsystem.exe. there seems to be no need for it.ntsystem.exe :Adds the value:"Video Process"="ntsystm.exe"to the registry keys:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesso that the worm runs when you start Windows.Allows an attacker to remotely control a compromised computer and perform any of the following actions: * Download and execute files * Steal system information * Harvest email addresses * Steal CD keys of various gamesConnects to a predetermined IRC channel, using its own IRC client, and then listens for commands. Terminates processes associated with antivirus and firewall software. Terminates processes associated with other worms Link to comment Share on other sites More sharing options...
ktx Posted April 4, 2005 Author Share Posted April 4, 2005 Oh thanks matrix0978 , Tarun , TomcaTI have file HijackthisLogfile of HijackThis v1.97.7Scan saved at 10:27:03 AM, on 4/4/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\explorer.exeC:\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dllO2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file)O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - (no file)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file)O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)O4 - HKLM\..\Run: [Vietkey] C:\PROGRA~1\VIETKE~1\VietKey.exeO4 - HKLM\..\Run: [bkavFw] C:\Program Files\Bkav2002\Bkav2002.exe TASKBARO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exeO4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exeO4 - HKCU\..\Run: [mtd2002Svr] "C:\Program Files\mtd2002"\mtdserver.exe -fO4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exeO4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXEO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO15 - Trusted Zone: *.clickspring.netO15 - Trusted Zone: *.media-motor.netO15 - Trusted Zone: *.mt-download.comO15 - Trusted Zone: *.my-internet.infoO15 - Trusted Zone: *.searchmiracle.comO15 - Trusted Zone: *.skoobidoo.comO15 - Trusted Zone: *.slotchbar.comO15 - Trusted Zone: *.windupdates.comO15 - Trusted Zone: *.ysbweb.comO16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...bridge-c337.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cabO16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - Please help me . Thanks . Link to comment Share on other sites More sharing options...
matrix0978 Posted April 4, 2005 Share Posted April 4, 2005 You may remove these missing files:R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =R3 - Default URLSearchHook is missingO2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (these almost never work!, No use for it)O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\acroiehelper.dllO2 - BHO: (no name) - {1474CE44-8057-4AE3-8F3E-ED37C7C63D8A} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - (no file) O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file) You may remove these entries. Never good!O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dllO15 - Trusted Zone: *.clickspring.netO15 - Trusted Zone: *.media-motor.netO15 - Trusted Zone: *.mt-download.comO15 - Trusted Zone: *.my-internet.infoO15 - Trusted Zone: *.searchmiracle.comO15 - Trusted Zone: *.skoobidoo.comO15 - Trusted Zone: *.slotchbar.comO15 - Trusted Zone: *.windupdates.comO15 - Trusted Zone: *.ysbweb.comThe rest is useful and very needed! Link to comment Share on other sites More sharing options...
Tarun Posted April 4, 2005 Share Posted April 4, 2005 I notice you're using Hijack This 1.97.7. You may want to consider reposting your log after using version 1.99.1 Link to comment Share on other sites More sharing options...
ktx Posted April 4, 2005 Author Share Posted April 4, 2005 Thank you matrix0978 , Tarun very much . Link to comment Share on other sites More sharing options...
Tarun Posted April 4, 2005 Share Posted April 4, 2005 Thank you matrix0978 , Tarun very much . <{POST_SNAPBACK}>If you don't mind, repost your log again to be sure you're fully clean. I'll upload the newest package and give you the link. Anti-Malware Package (Mirror, so not updated often.) Link to comment Share on other sites More sharing options...
ktx Posted April 5, 2005 Author Share Posted April 5, 2005 OK , I'll post file .log Hijackthis for you . Today , Mycomputer appear file Desktop.exe in Task Manager . Thanks Tarun , I'll download it . Link to comment Share on other sites More sharing options...
matrix0978 Posted April 5, 2005 Share Posted April 5, 2005 No problems thats what were here for Glad to be sure your computer is running safely Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now