Oni Posted January 1, 2005 Report Share Posted January 1, 2005 Well my system sortta crashes when it starts up... I try to connect to my dialup isp but then it crashes... Can someone check it out? I think its really messed up. I didn't run spybot or adaware in a few weeks.. maybe a month or too so Good Luck!Logfile of HijackThis v1.97.7Scan saved at 7:25:30 PM, on 12/31/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\carpserv.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\RamBooster\Rambooster.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Boingo\WENGINE\wmonitor.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\clipsrv.exeC:\WINDOWS\System32\dllhost.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\tcpsvcs.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\msiexec.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\dllhost.exeC:\WINDOWS\System32\tlntsvr.exeC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\System32\wbem\wmiapsrv.exeC:\WINDOWS\System32\dmadmin.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\cidaemon.exeC:\HJT\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearchR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearchR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://education.dellnet.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/saR3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dllO2 - BHO: (no name) - {02336F51-24CA-4422-AB63-18841ADF35E6} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\eCATBHO.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dllO3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dllO3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dllO3 - Toolbar: Miliki Dialup Accelerator - {4BC3AC04-3E56-411D-B465-4FEA06654611} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\ThinClientToolbar.dll (file missing)O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [CARPService] carpserv.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [bascstray] BascsTray.exeO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquietO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exeO4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exeO4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exeO4 - HKLM\..\Run: [iAClient] C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\IACLiM.exeO4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -wO4 - Global Startup: Boingo.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: =>&Español - http:\\wordreference.com\es\j\iees69.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)O9 - Extra button: AIM (HKLM)O9 - Extra button: ICQ 4.0 (HKLM)O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)O9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)O9 - Extra button: NeoTrace It! (HKCU)O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cabO16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CABO16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cabO16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7993.5388773148O16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20Spanish.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\Software\..\Telephony: DomainName = addressisp.comO17 - HKLM\System\CCS\Services\Tcpip\..\{86227E37-D968-4D38-A943-438570D30533}: NameServer = 134.53.253.1O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = badaddress.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = badaddress.netO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = badaddress.net Link to post Share on other sites
Canoeingkidd Posted January 1, 2005 Report Share Posted January 1, 2005 You are using an out-of-date version of HijackThis. The new version shows more information that could aid me in helping you. Please delete the copy you currently have (but not the backups folder, if there is one) and download the latest version from http://www.downloads.subratam.org/hijackthis.zip. Unzip it to a permanent folder such as C:\HJT.Scan with the new version of HijackThis, save a new log, and post the new log in a reply to this topic. Link to post Share on other sites
Oni Posted January 1, 2005 Author Report Share Posted January 1, 2005 Ok I did all of that, here you go!ThanksLogfile of HijackThis v1.99.0Scan saved at 3:45:57 PM, on 1/1/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\carpserv.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\System32\DSentry.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Network Associates\VirusScan\SHSTAT.EXEC:\Program Files\Network Associates\Common Framework\UpdaterUI.exeC:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeC:\Program Files\RamBooster\Rambooster.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\WinZip\WZQKPICK.EXEC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\Program Files\Apache Group\Apache\Apache.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\basfipm.exeC:\Program Files\Boingo\WENGINE\wmonitor.exeC:\WINDOWS\system32\cisvc.exeC:\WINDOWS\system32\clipsrv.exeC:\WINDOWS\System32\dllhost.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\tcpsvcs.exeC:\Program Files\Network Associates\Common Framework\FrameworkService.exeC:\Program Files\Network Associates\VirusScan\mcshield.exeC:\Program Files\Network Associates\VirusScan\vstskmgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\dllhost.exeC:\WINDOWS\System32\tlntsvr.exeC:\WINDOWS\System32\vssvc.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\System32\wbem\wmiapsrv.exeC:\WINDOWS\System32\dmadmin.exeC:\Program Files\AIM\aim.exeC:\WINDOWS\system32\cidaemon.exeC:\Program Files\Ultima Online 3D\uotd.exeC:\HJT2\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.juno.com/s/search?r=minisearchR1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.juno.com/s/search?r=minisearchR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearchR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\JUSearch\SearchEnh1.dllO2 - BHO: eCATRegistrar Class - {02336F51-24CA-4422-AB63-18841ADF35E6} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\eCATBHO.dll (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dllO3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dllO3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Pilot Group LLC\Save Flash 2.4.20\SaveFlash.dllO3 - Toolbar: Miliki Dialup Accelerator - {4BC3AC04-3E56-411D-B465-4FEA06654611} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\ThinClientToolbar.dll (file missing)O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exeO4 - HKLM\..\Run: [CARPService] carpserv.exeO4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [bascstray] BascsTray.exeO4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exeO4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquietO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONEO4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKeyO4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exeO4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exeO4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exeO4 - HKLM\..\Run: [iAClient] C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\IACLiM.exeO4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -wO4 - Global Startup: Boingo.lnk = ?O4 - Global Startup: Digital Line Detect.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: =>&Español - http:\\wordreference.com\es\j\iees69.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Microsoft Games\ICQLite\ICQLite.exeO9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\Microsoft Games\ICQLite\ICQLite.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cabO16 - DPF: {AD08A333-609E-11D3-950C-008098601567} - http://wordreference.com/Install/English%20to%20Spanish.cabO16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cabO16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cabO16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\Software\..\Telephony: DomainName = addressisp.comO17 - HKLM\System\CCS\Services\Tcpip\..\{86227E37-D968-4D38-A943-438570D30533}: NameServer = 134.53.253.1O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = badaddress.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = addressisp.comO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = badaddress.netO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = badaddress.netO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dllO23 - Service: Apache - Unknown - C:\Program Files\Apache Group\Apache\Apache.exeO23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exeO23 - Service: Broadcom ASF IP monitoring service v3.0.1 - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exeO23 - Service: Boingo Monitor Service - Boingo Wireless, Inc. - C:\Program Files\Boingo\WENGINE\wmonitor.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exeO23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exeO23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exeO23 - Service: Symantec Ghost Client Agent - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exeO23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exeO23 - Service: WLTRYSVC - Unknown - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe (file missing) Link to post Share on other sites
Canoeingkidd Posted January 2, 2005 Report Share Posted January 2, 2005 This log looks better than your last one. Did you run Ad-aware or something?Run HijackThis, do a scan, and place a check next to the following items to be fixed:R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =O2 - BHO: eCATRegistrar Class - {02336F51-24CA-4422-AB63-18841ADF35E6} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\eCATBHO.dll (file missing)O3 - Toolbar: Miliki Dialup Accelerator - {4BC3AC04-3E56-411D-B465-4FEA06654611} - C:\Program Files\QuikCAT Technologies\Miliki Dialup Accelerator\1.52.0922\ThinClientToolbar.dll (file missing)These registry entries disable access to certain options in Internet Explorer but do not protect against malware. Unless you or an administrator set this place a check next to this item (Programs such as Spybot - S&D may set these also):O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentClose all browsers and windows except HijackThis and click "Fix checked".Delete the folder in bold (if present):C:\Program Files\Toolbar\Reboot your computer.Post a new HijackThis log in a reply to this topic before you do anything else. Are you still having problems?Do you know what addressisp.com and badaddress.net are related to? You Internet Service Provider? Link to post Share on other sites
Oni Posted January 18, 2005 Author Report Share Posted January 18, 2005 Thanks... I know its late to post but I was planning on doing the checks but my computer kinda went crazy... I friend is gonna gimme a Knoppix Cd tommorow so i can go inside and get myself a bootdisk... So anyway Ill do all of these after I get my Pc fixedty sorry for the delay I thought I had posted Link to post Share on other sites
Recommended Posts