system
August 11, 2004, 10:29pm
1
Logfile of HijackThis v1.97.7
Scan saved at 5:19:26 PM, on 8/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\PROGRAM FILES\DOWNLOADWARE\DW.EXE
C:\PROGRAM FILES\SAVE\SAVE.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\EZULA\MMOD.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\LIMEWIRE\LIMEWIRE 4.0.8\LIMEWIRE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET R SERIES\SCANPICTURE\HPSPLMWA.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMET SYSTEMS\DM\BIN\DMSERVER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\MY DOCUMENTS\MY PICTURES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://martfinder.com/crindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://server224.smartbotpro.net/7search/?002
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir.dll?c=3c00&s=consumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://martfinder.com/crindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://server224.smartbotpro.net/7search/?003
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://martfinder.com/crindex.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=3c00&s=searchbar&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://martfinder.com/crindex.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://martfinder.com/crindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://martfinder.com/crindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.search-2003.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://martfinder.com/crindex.html
O1 - Hosts: 66.250.171.163 auto.search.msn.com
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.akadns.net
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 www.altavista.com
O1 - Hosts: 207.44.220.30 altavista.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
O1 - Hosts: 207.44.220.30 au.search.yahoo.com
O1 - Hosts: 207.44.220.30 de.search.yahoo.com
O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
O1 - Hosts: 207.44.220.30 www.lycos.de
O1 - Hosts: 207.44.220.30 www.lycos.ca
O1 - Hosts: 207.44.220.30 www.lycos.jp
O1 - Hosts: 207.44.220.30 www.lycos.co.jp
O1 - Hosts: 207.44.220.30 alltheweb.com
O1 - Hosts: 207.44.220.30 web.ask.com
O1 - Hosts: 207.44.220.30 ask.com
O1 - Hosts: 207.44.220.30 www.ask.com
O1 - Hosts: 207.44.220.30 www.teoma.com
O1 - Hosts: 207.44.220.30 search.aol.com
O1 - Hosts: 207.44.220.30 www.looksmart.com
O1 - Hosts: 207.44.220.30 auto.search.msn.com
O1 - Hosts: 207.44.220.30 search.msn.com
O1 - Hosts: 207.44.220.30 ca.search.msn.com
O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
O1 - Hosts: 207.44.220.30 search.fr.msn.be
O1 - Hosts: 207.44.220.30 search.fr.msn.ch
O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
O1 - Hosts: 207.44.220.30 search.msn.at
O1 - Hosts: 207.44.220.30 search.msn.be
O1 - Hosts: 207.44.220.30 search.msn.ch
O1 - Hosts: 207.44.220.30 search.msn.co.in
O1 - Hosts: 207.44.220.30 search.msn.co.jp
O1 - Hosts: 207.44.220.30 search.msn.co.kr
O1 - Hosts: 207.44.220.30 search.msn.com.br
O1 - Hosts: 207.44.220.30 search.msn.com.hk
O1 - Hosts: 207.44.220.30 search.msn.com.my
O1 - Hosts: 207.44.220.30 search.msn.com.sg
O1 - Hosts: 207.44.220.30 search.msn.com.tw
O1 - Hosts: 207.44.220.30 search.msn.co.za
O1 - Hosts: 207.44.220.30 search.msn.de
O1 - Hosts: 207.44.220.30 search.msn.dk
O1 - Hosts: 207.44.220.30 search.msn.es
O1 - Hosts: 207.44.220.30 search.msn.fi
O1 - Hosts: 207.44.220.30 search.msn.fr
O1 - Hosts: 207.44.220.30 search.msn.it
O1 - Hosts: 207.44.220.30 search.msn.nl
O1 - Hosts: 207.44.220.30 search.msn.no
O1 - Hosts: 207.44.220.30 search.msn.se
O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
O1 - Hosts: 207.44.220.30 search.yupimsn.com
O1 - Hosts: 207.44.220.30 uk.search.msn.com
O1 - Hosts: 207.44.220.30 search.lycos.com
O1 - Hosts: 207.44.220.30 www.lycos.com
O1 - Hosts: 207.44.220.30 www.google.ca
O1 - Hosts: 207.44.220.30 google.ca
O1 - Hosts: 207.44.220.30 www.google.uk
O1 - Hosts: 207.44.220.30 www.google.co.uk
O1 - Hosts: 207.44.220.30 www.google.com.au
O1 - Hosts: 207.44.220.30 www.google.co.jp
O1 - Hosts: 207.44.220.30 www.google.jp
O1 - Hosts: 207.44.220.30 www.google.at
O1 - Hosts: 207.44.220.30 www.google.be
O1 - Hosts: 207.44.220.30 www.google.ch
O1 - Hosts: 207.44.220.30 www.google.de
O1 - Hosts: 207.44.220.30 www.google.se
O1 - Hosts: 207.44.220.30 www.google.dk
O1 - Hosts: 207.44.220.30 www.google.fi
O1 - Hosts: 207.44.220.30 www.google.fr
O1 - Hosts: 207.44.220.30 www.google.com.gr
O1 - Hosts: 207.44.220.30 www.google.com.hk
O1 - Hosts: 207.44.220.30 www.google.ie
O1 - Hosts: 207.44.220.30 www.google.co.il
O1 - Hosts: 207.44.220.30 www.google.it
O1 - Hosts: 207.44.220.30 www.google.co.kr
O1 - Hosts: 207.44.220.30 www.google.com.mx
O1 - Hosts: 207.44.220.30 www.google.nl
O1 - Hosts: 207.44.220.30 www.google.co.nz
O1 - Hosts: 207.44.220.30 www.google.pl
O1 - Hosts: 207.44.220.30 www.google.pt
O1 - Hosts: 207.44.220.30 www.google.com.ru
O1 - Hosts: 207.44.220.30 www.google.com.sg
O1 - Hosts: 207.44.220.30 www.google.co.th
O1 - Hosts: 207.44.220.30 www.google.com.tr
O1 - Hosts: 207.44.220.30 www.google.com.tw
O1 - Hosts: 207.44.220.30 go.google.com
O1 - Hosts: 207.44.220.30 google.at
O1 - Hosts: 207.44.220.30 google.be
O1 - Hosts: 207.44.220.30 google.de
O1 - Hosts: 207.44.220.30 google.dk
O1 - Hosts: 207.44.220.30 google.fi
O1 - Hosts: 207.44.220.30 google.fr
O1 - Hosts: 207.44.220.30 google.com.hk
O1 - Hosts: 207.44.220.30 google.ie
O1 - Hosts: 207.44.220.30 google.co.il
system
August 11, 2004, 10:29pm
2
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: (no name) - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME2.DLL
O2 - BHO: (no name) - {413EBB03-5E23-4034-AED2-326487E5BCA8} - C:\WINDOWS\SYSTEM\MOZ030715S.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRAM FILES\COMET\BIN\CSBHO.DLL
O3 - Toolbar: @msdxmLC.dll ,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: Starware - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRAM FILES\COMET\BIN\CSIETB.DLL
O4 - HKLM..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM..\Run: [SystemTray] SysTray.Exe
O4 - HKLM..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM..\Run: [CountrySelection] pctptt.exe
O4 - HKLM..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM..\Run: [Digital Dashboard] C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
O4 - HKLM..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM..\Run: [CMESys] "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
O4 - HKLM..\Run: [WhenUSave] C:\PROGRA~1\SAVE\Save.exe
O4 - HKLM..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM..\Run: [WildTangent CDA] RUNDLL32.exe C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL,cdaEngineMain
O4 - HKLM..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
O4 - HKLM..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O4 - Startup: HP ScanPicture.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet R Series\ScanPicture\hpsplmwa.exe
O4 - Startup: hpmdlbwa.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
O4 - User Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - User Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - User Startup: PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe
O4 - User Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - User Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O4 - User Startup: HP ScanPicture.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet R Series\ScanPicture\hpsplmwa.exe
O4 - User Startup: hpmdlbwa.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet R Series\PrecisionScan\hpmdlbwa.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra 'Tools' menuitem: AV Live (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .ASP: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://install.spywarelabs.com/1210030908/BundleOuter1210030908.EXE
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37884.5686342593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinstc.cab
O16 - DPF: {197AB1D7-A7DD-4C86-A938-1FCC0DB21B85} (DMProxyCtl Class) - http://dm.cometsystems.com/dm/dm_286.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38
system
August 11, 2004, 10:30pm
3
Which of these should I delete? (Logfile in 2 previous posts.)
DavidR
August 11, 2004, 11:00pm
4
Hi Steve, welcome to the forums.
I’m no expert, there will probably be one along soon, but in the meantime!
I would, however, start with all the O1 Hosts with the IP address 207.44.220.30. As you can see, the whois query for 207.44.220.30 returns the following results, so this would appear to be a hijack of your search locations/tools. Unless this is intentional???
Search results for: 207.44.220.30
OrgName: Everyones Internet, Inc.
OrgID: EVRY
Address: 2600 Southwest Freeway
Address: Suite 500
City: Houston
StateProv: TX
PostalCode: 77098
Country: US
NetRange: 207.44.128.0 - 207.44.255.255
CIDR: 207.44.128.0/17
NetName: EVRY-BLK-11
NetHandle: NET-207-44-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.EV1.NET
NameServer: NS2.EV1.NET
Comment:
RegDate:
Updated: 2002-05-08
You don’t have the latest version of HijackThis, so I would suggest that you download it.
Then visit Eddy’s HiJackThis pages, HijackThis log file analyzer and follow the directions there and get back to us if you need more help…
HTH David
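The check described in the reply above (many unrelated search sites pinned to one address in the O1 section) can be run mechanically over a log. This is an added example, not part of the original post or of HijackThis: the function names, the `brand` heuristic and the threshold of three are assumptions, and the sample is a constructed excerpt of the log in this thread plus one localhost line.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied from the log in this thread, plus one
# benign localhost entry (not in the original log) for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 66.250.171.163 auto.search.msn.com
O1 - Hosts: 88.88.88.88 elite
O1 - Hosts: 207.44.220.30 www.google.com
O1 - Hosts: 207.44.220.30 google.com
O1 - Hosts: 207.44.220.30 search.yahoo.com
O1 - Hosts: 207.44.220.30 www.altavista.com
O1 - Hosts: 207.44.220.30 auto.search.msn.com
"""

O1_LINE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$", re.IGNORECASE)
# Second-level labels that are part of the suffix, not the site name (heuristic).
GENERIC_SLD = {"co", "com", "net", "org", "gov", "ac", "edu"}


def parse_o1(log_text):
    """Return (ip, hostname) pairs from the O1 (hosts file) lines of a log."""
    entries = []
    for line in log_text.splitlines():
        m = O1_LINE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is not an address; skip rather than guess
        entries.append((str(ip), m.group(2).lower()))
    return entries


def brand(hostname):
    """Crude site name: search.msn.co.jp -> msn, www.google.com -> google."""
    core = hostname.split(".")[:-1]          # drop the top-level label
    while core and core[-1] in GENERIC_SLD:  # drop co/com/... under a ccTLD
        core.pop()
    return core[-1] if core else hostname    # single-label names stay as-is


def find_hosts_hijack(entries, min_brands=3):
    """Flag IPs that serve several unrelated sites, and hosts mapped twice."""
    by_ip = defaultdict(set)
    by_host = defaultdict(set)
    for ip, host in entries:
        by_host[host].add(ip)
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 are local or block-list entries
        by_ip[ip].add(brand(host))
    shared = {ip: sorted(b) for ip, b in by_ip.items() if len(b) >= min_brands}
    conflicts = {h: sorted(i) for h, i in by_host.items() if len(i) > 1}
    return {"shared_ip": shared, "conflicts": conflicts}


if __name__ == "__main__":
    report = find_hosts_hijack(parse_o1(SAMPLE_LOG))
    for ip, brands in report["shared_ip"].items():
        print(f"{ip} answers for unrelated sites: {', '.join(brands)}")
    for host, ips in report["conflicts"].items():
        print(f"{host} is mapped to more than one address: {', '.join(ips)}")
```

Entries flagged this way still need the whois step from the reply above before removal, since a hosts file can legitimately pin several names to one internal server.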
system
August 11, 2004, 11:06pm
5
Hello
I’m no expert at this but a quick read would suggest that
O4 - HKLM..\Run: [DM_Server] C:\PROGRA~1\COMETS~1\DM\BIN\DMSERVER.EXE /onreboot
might be a problem. The link below might help
http://www.pestpatrol.com/pestinfo/c/comet_dmserver.asp
I think I saw something about wildtangent also, you might try a Google search for that as it rings a bell with me.
I’m busy with updates at the moment so I can’t offer any more help right now, but I know that others here (much more knowledgeable than me) will be able to help you.
In the meantime an online automated analyser for your log can be found here
http://hijackthis.de/index.php?langselect=english
I haven’t used it, but it might be helpful to try.
system
August 11, 2004, 11:13pm
6
DavidR, you beat me to it; I was just going to post Eddy’s link at
http://members.home.nl/edeijl/acred/cleaning.htm
What a terrific forum for support.
Eddy
August 12, 2004, 6:01am
7
Fix all of the following:
\program files\downloadware\dw.exe
\program files\save\save.exe
\windows\system\p2p networking\p2p networking.exe
\program files\ezula\mmod.exe
\program files\precisiontime\precisiontime.exe
\program files\limewire\limewire 4.0.8\limewire.exe
\program files\comet systems\dm\bin\dmserver.exe
\program files\common files\gmt\gmt.exe
\program files\common files\cmeii\cmesys.exe
r1 - hkcu\software\microsoft\internet explorer,searchurl = http://martfinder.com/crindex.html
r1 - hkcu\software\microsoft\internet explorer\main,search bar = http://server224.smartbotpro.net/7search/?001
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://server224.smartbotpro.net/7search/?002
r1 - hkcu\software\microsoft\internet explorer\main,default_search_url = http://martfinder.com/crindex.html
r1 - hkcu\software\microsoft\internet explorer\search,searchassistant = http://server224.smartbotpro.net/7search/?003
r1 - hkcu\software\microsoft\internet explorer\search,customizesearch = http://martfinder.com/crindex.html
r1 - hklm\software\microsoft\internet explorer\main,search page = http://martfinder.com/crindex.html
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://martfinder.com/crindex.html
r0 - hklm\software\microsoft\internet explorer\search,customizesearch = http://martfinder.com/crindex.html
r0 - hklm\software\microsoft\internet explorer\search,searchassistant = http://files.cc.cometsystems.com/assist/cc/1.0/assist_st.html
r1 - hkcu\software\microsoft\internet explorer\main,homeoldsp = http://www.search-2003.com/
r1 - hklm\software\microsoft\internet explorer\search,(default) = http://martfinder.com/crindex.html
o1 - hosts: 66.250.171.163 auto.search.msn.com
o1 - hosts: 88.88.88.88 elite
o1 - hosts: 207.44.220.30 www.google.akadns.net
o1 - hosts: 207.44.220.30 www.google.com
o1 - hosts: 207.44.220.30 google.com
o1 - hosts: 207.44.220.30 www.altavista.com
o1 - hosts: 207.44.220.30 altavista.com
o1 - hosts: 207.44.220.30 search.yahoo.com
o1 - hosts: 207.44.220.30 uk.search.yahoo.com
o1 - hosts: 207.44.220.30 ca.search.yahoo.com
o1 - hosts: 207.44.220.30 jp.search.yahoo.com
o1 - hosts: 207.44.220.30 au.search.yahoo.com
o1 - hosts: 207.44.220.30 de.search.yahoo.com
o1 - hosts: 207.44.220.30 search.yahoo.co.jp
o1 - hosts: 207.44.220.30 www.lycos.de
o1 - hosts: 207.44.220.30 www.lycos.ca
o1 - hosts: 207.44.220.30 www.lycos.jp
o1 - hosts: 207.44.220.30 www.lycos.co.jp
o1 - hosts: 207.44.220.30 alltheweb.com
o1 - hosts: 207.44.220.30 web.ask.com
o1 - hosts: 207.44.220.30 ask.com
o1 - hosts: 207.44.220.30 www.ask.com
o1 - hosts: 207.44.220.30 www.teoma.com
o1 - hosts: 207.44.220.30 search.aol.com
o1 - hosts: 207.44.220.30 www.looksmart.com
o1 - hosts: 207.44.220.30 auto.search.msn.com
o1 - hosts: 207.44.220.30 search.msn.com
o1 - hosts: 207.44.220.30 ca.search.msn.com
o1 - hosts: 207.44.220.30 fr.ca.search.msn.com
o1 - hosts: 207.44.220.30 search.fr.msn.be
o1 - hosts: 207.44.220.30 search.fr.msn.ch
o1 - hosts: 207.44.220.30 search.latam.yupimsn.com
o1 - hosts: 207.44.220.30 search.msn.at
o1 - hosts: 207.44.220.30 search.msn.be
o1 - hosts: 207.44.220.30 search.msn.ch
o1 - hosts: 207.44.220.30 search.msn.co.in
o1 - hosts: 207.44.220.30 search.msn.co.jp
o1 - hosts: 207.44.220.30 search.msn.co.kr
o1 - hosts: 207.44.220.30 search.msn.com.br
o1 - hosts: 207.44.220.30 search.msn.com.hk
o1 - hosts: 207.44.220.30 search.msn.com.my
o1 - hosts: 207.44.220.30 search.msn.com.sg
o1 - hosts: 207.44.220.30 search.msn.com.tw
o1 - hosts: 207.44.220.30 search.msn.co.za
o1 - hosts: 207.44.220.30 search.msn.de
o1 - hosts: 207.44.220.30 search.msn.dk
o1 - hosts: 207.44.220.30 search.msn.es
o1 - hosts: 207.44.220.30 search.msn.fi
o1 - hosts: 207.44.220.30 search.msn.fr
o1 - hosts: 207.44.220.30 search.msn.it
o1 - hosts: 207.44.220.30 search.msn.nl
o1 - hosts: 207.44.220.30 search.msn.no
o1 - hosts: 207.44.220.30 search.msn.se
o1 - hosts: 207.44.220.30 search.ninemsn.com.au
o1 - hosts: 207.44.220.30 search.t1msn.com.mx
o1 - hosts: 207.44.220.30 search.xtramsn.co.nz
o1 - hosts: 207.44.220.30 search.yupimsn.com
o1 - hosts: 207.44.220.30 uk.search.msn.com
o1 - hosts: 207.44.220.30 search.lycos.com
o1 - hosts: 207.44.220.30 www.lycos.com
o1 - hosts: 207.44.220.30 www.google.ca
o1 - hosts: 207.44.220.30 google.ca
o1 - hosts: 207.44.220.30 www.google.uk
o1 - hosts: 207.44.220.30 www.google.co.uk
o1 - hosts: 207.44.220.30 www.google.com.au
o1 - hosts: 207.44.220.30 www.google.co.jp
o1 - hosts: 207.44.220.30 www.google.jp
o1 - hosts: 207.44.220.30 www.google.at
o1 - hosts: 207.44.220.30 www.google.be
o1 - hosts: 207.44.220.30 www.google.ch
o1 - hosts: 207.44.220.30 www.google.de
o1 - hosts: 207.44.220.30 www.google.se
o1 - hosts: 207.44.220.30 www.google.dk
o1 - hosts: 207.44.220.30 www.google.fi
o1 - hosts: 207.44.220.30 www.google.fr
o1 - hosts: 207.44.220.30 www.google.com.gr
o1 - hosts: 207.44.220.30 www.google.com.hk
o1 - hosts: 207.44.220.30 www.google.ie
o1 - hosts: 207.44.220.30 www.google.co.il
o1 - hosts: 207.44.220.30 www.google.it
o1 - hosts: 207.44.220.30 www.google.co.kr
o1 - hosts: 207.44.220.30 www.google.com.mx
o1 - hosts: 207.44.220.30 www.google.nl
o1 - hosts: 207.44.220.30 www.google.co.nz
o1 - hosts: 207.44.220.30 www.google.pl
o1 - hosts: 207.44.220.30 www.google.pt
o1 - hosts: 207.44.220.30 www.google.com.ru
o1 - hosts: 207.44.220.30 www.google.com.sg
o1 - hosts: 207.44.220.30 www.google.co.th
o1 - hosts: 207.44.220.30 www.google.com.tr
o1 - hosts: 207.44.220.30 www.google.com.tw
o1 - hosts: 207.44.220.30 go.google.com
o1 - hosts: 207.44.220.30 google.at
o1 - hosts: 207.44.220.30 google.be
o1 - hosts: 207.44.220.30 google.de
o1 - hosts: 207.44.220.30 google.dk
o1 - hosts: 207.44.220.30 google.fi
o1 - hosts: 207.44.220.30 google.fr
o1 - hosts: 207.44.220.30 google.com.hk
o1 - hosts: 207.44.220.30 google.ie
o1 - hosts: 207.44.220.30 google.co.il
o2 - bho: (no name) - {0494d0d1-f8e0-41ad-92a3-14154ece70ac} - c:\program files\myway\mybar\1.bin\mybar.dll
o2 - bho: (no name) - {85a702ba-ea8f-4b83-aa07-07a5186acd7e} - c:\program files\medialoads enhanced\me2.dll
o2 - bho: (no name) - {413ebb03-5e23-4034-aed2-326487e5bca8} - c:\windows\system\moz030715s.dll
o2 - bho: csbho - {d14d6793-9b65-11d3-80b6-00500487bdba} - c:\program files\comet\bin\csbho.dll
o3 - toolbar: &searchbar - {0494d0d9-f8e0-41ad-92a3-14154ece70ac} - c:\program files\myway\mybar\1.bin\mybar.dll
o3 - toolbar: starware - {fe6bc4ef-5676-484b-88ae-883323913256} - c:\program files\comet\bin\csietb.dll
o4 - hklm..\run: [medialoads installer] "c:\program files\downloadware\dw.exe" /h
o4 - hklm..\run: [cmesys] "c:\program files\common files\cmeii\cmesys.exe"
o4 - hklm..\run: [whenusave] c:\progra~1\save\save.exe
o4 - hklm..\run: [p2p networking] c:\windows\system\p2p networking\p2p networking.exe /autostart
o4 - hklm..\run: [wildtangent cda] rundll32.exe c:\progra~1\wildta~1\apps\cda\cdaeng~1.dll,cdaenginemain
o4 - hklm..\run: [dm_server] c:\progra~1\comets~1\dm\bin\dmserver.exe /onreboot
o4 - hkcu..\run: [ezmmod] c:\progra~1\ezula\mmod.exe
o4 - startup: gstartup.lnk = c:\program files\common files\gmt\gmt.exe
o4 - startup: precisiontime.lnk = c:\program files\precisiontime\precisiontime.exe
o4 - startup: date manager.lnk = c:\program files\date manager\datemanager.exe
o4 - startup: limewire 4.0.8.lnk = c:\program files\limewire\limewire 4.0.8\limewire.exe
o4 - user startup: gstartup.lnk = c:\program files\common files\gmt\gmt.exe
o4 - user startup: precisiontime.lnk = c:\program files\precisiontime\precisiontime.exe
o4 - user startup: date manager.lnk = c:\program files\date manager\datemanager.exe
o4 - user startup: limewire 4.0.8.lnk = c:\program files\limewire\limewire 4.0.8\limewire.exe
o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
o16 - dpf: yahoo! chess - http://download.games.yahoo.com/games/clients/y/ct0_x.cab
o16 - dpf: yahoo! pool 2 - http://download.games.yahoo.com/games/clients/y/potb_x.cab
o16 - dpf: {cafeefac-0014-0000-0001-abcdeffedcba} (java runtime environment 1.4.0_01) -
o16 - dpf: {ab29a544-d6b4-4e36-a1f8-d3e34fc7b00a} (wthoster class) - http://install.wildtangent.com/bgn/partners/shockwave/virtualwarfare/install.cab
o16 - dpf: yahoo! chinese checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
o16 - dpf: {02bf25d5-8c17-4b23-bc80-d3488abddc6b} - http://www.apple.com/qtactivex/qtplugin.cab
o16 - dpf: {41f17733-b041-4099-a042-b518bb6a408c} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/quicktimeinstaller.exe
o16 - dpf: {6a060448-60f9-11d5-a6cd-0002b31f7455} (exentinf class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
o16 - dpf: yahoo! dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
o16 - dpf: {d9ec0a76-03bf-11d4-a509-0090270f86e3} - http://install.spywarelabs.com/1210030908/bundleouter1210030908.exe
o16 - dpf: {9f1c11aa-197b-4942-ba54-47a8489bb47f} (update class) - http://v4.windowsupdate.microsoft.com/cab/x86/ansi/iuctl.cab?37884.5686342593
o16 - dpf: {166b1bca-3f9c-11cf-8075-444553540000} (shockwave activex control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - http://download.yahoo.com/dl/installs/yinstc.cab
o16 - dpf: {197ab1d7-a7dd-4c86-a938-1fcc0db21b85} (dmproxyctl class) - http://dm.cometsystems .
system
August 12, 2004, 10:42am
8
Didn’t notice AV or firewall or anything resembling security / protection???
I presume you enjoy getting all that garbage on your PC.
Eddy
August 12, 2004, 11:10am
9
Good observing galooma, I noticed it too. Besides this there is also another thing that will track your attention if you look at the log. He installed almost all those spy/-adware himself with those p2p applications.
Definitely someone who should look at the link in my signature. ;D
DavidR
August 12, 2004, 11:46am
10
Eddy:
Good observing galooma, I noticed it too. Besides this there is also another thing that will track your attention if you look at the log. He installed almost all those spy/-adware himself with those p2p applications.
Definitely someone who should look at the link in my signature. ;D
You can only lead the horse to the water; he has to want to drink.
As galooma observed, he should also install avast! (or enable it to run at start up); it’s the least he could do for the assistance he has received from the Alwil Software Forum - avast! Support Forums ;D