Broadband Tech > Security > Security > @#&@$ Hijackers

reply to rrlover

Re: @#&@$ Hijackers

dllfix will not be necessary for this log.

Newer version may be necessary?
--
MIAMI DOLPHINS

AHHHHHH
still cant get rid of this. hijackthis fixed it. i rebooted and it is still there.

Logfile of HijackThis v1.97.7
Scan saved at 9:35:49 PM, on 6/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wingz.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PopUp Killer\PopUpKiller.EXE
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\addmt32.exe
C:\Documents and Settings\Marco\Desktop\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ncmkt.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://ncmkt.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://ncmkt.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »rd.yahoo.com/customize/ymsgr/def···rch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ncmkt.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://ncmkt.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ncmkt.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C75AEB7B-18DF-27AF-DBA3-059058EDCC2F} - C:\WINDOWS\system32\ntve.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
O4 - HKLM\..\Run: [addmt32.exe] C:\WINDOWS\addmt32.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: BlackICE PC Protection.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: axscanner - »www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - »www.pestscan.com/scanner/axscann···time.cab
O16 - DPF: mscomctl - »www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - »download.pestpatrol.com/Download···cp71.cab
O16 - DPF: msvcr71 - »download.pestpatrol.com/Download···cr71.cab
O16 - DPF: ppctlcab - »www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Poker - »download.games.yahoo.com/games/c···t1_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - »support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - »www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - »www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {25064DE4-9CC0-11D5-BB86-0050DAC5EBD0} (printQuick Browser Add In) - »www.pqvalet.com/plugin/axversion···uick.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - »security2.norton.com/SSC/SharedC···niff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - »download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - »www.cult3d.com/download/cult.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - »office.microsoft.com/officeupdat···opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - »a1540.g.akamai.net/7/1540/52/200···ller.exe
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - »neuro.vetmed.ufl.edu:4080/chat/d···chat.ocx
O16 - DPF: {43E1F2E4-C2BA-11D3-AC40-0050049804AB} (Update Class) - »207.245.26.119/dev/update.cab
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - »office.microsoft.com/productupda···opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - »office.microsoft.com/productupda···opuc.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - »us.games2.yimg.com/download.game···_0_1.ocx
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - »toolbar.google.com/data/en/deleo···eNav.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - »launch.gamespyarcade.com/softwar···unch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - »a840.g.akamai.net/7/840/537/2001···an53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - »support.dell.com/us/en/systempro···fLcd.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - »www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - »www.pandasoftware.com/activescan···inst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···68055556
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - »fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - »security2.norton.com/SSC/SharedC···absa.cab
O16 - DPF: {C3498BF0-2C07-43C8-99D0-434B038334A6} (VDLaunch Class) - »www.catharon.com/download/plugins/ievdl2.ocx
O16 - DPF: {C78AC153-1FB9-4198-986D-3613E49B152E} (ScanMe Class) - »download.microsoft.com/download/···edll.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - »photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - »carpoint.msn.com/components/ocx/···icer.cab
O16 - DPF: {F554B9AB-E6C9-4FA6-BFE7-B3CB24AD5027} (MSN Money Charting) - »fdl.msn.com/public/investor/v10/investor.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - »ccon.madonion.com/global/msc.cab

Did you remove O4 - HKLM\..\Run: [addmt32.exe] C:\WINDOWS\addmt32.exe ???

Also You have not moved HJT like I ask you too.
--
MIAMI DOLPHINS