Hijack this log

  Rhuddlan 16:17 04 Jun 2004
Locked

Hi there, just downloaded HijackThis and here is my latest log:

Logfile of HijackThis v1.97.7
Scan saved at 12:24:01, on 04/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = click here
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - click here
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - click here
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - click here
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\resources\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{282F07AD-9B75-4759-94FC-11FB362B6BB4}: NameServer = 195.92.195.95 195.92.195.94



I have posted this on various other forums, but no one has replied yet. I'm so impatient, so I hope someone on this forum can tell me that I haven't been hijacked. Regards, Rhuddlan.

  VoG II 16:26 04 Jun 2004

It looks OK to me but I'm not an expert.

What makes you think you've been hijacked?

  Fruit Bat 17:17 04 Jun 2004

OK, so you're with Freeserve (Wanadoo) anytime from your dialers, no problem there, also FS for search homepages etc. Use Real player + Shockwave and MSN Chat.

The only one I don't recognise is image farm? fun web products which appears to try and download a file to your PC.

If you know what this is then you're OK. If not then maybe you are hijacked.

  Rhuddlan 19:29 04 Jun 2004

Never heard of image farm. I never use realplayer and thought I uninstalled it. I use shockwave sometimes and always msn chat. I will have a further look at image farm, thanks for the help, regards, Rhuddlan.

  Nellie2 19:48 04 Jun 2004

These two are bad, fix them using hijackthis.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http: // software-dl.real.com/164e5248eae5fddc6a05/netzip/RdxIE601.cab <----- that is netster

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http: // imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab <----- Image farm.

  GANDALF <|:-)> 21:19 04 Jun 2004

There is nothing in there to suggest a 'hijack'. Run adaware to clean up and using Goback and XP system restore is not a good idea.

'software-dl.real.com'....this is unlikely to be netster, have you real player 9 on your system? Even if it was netster there would be no need to worry. I would not delete it until an adaware run or your real player may go south ;-))) As for 'funweb'.......click here although this looks like a remnant entry.

What made you think that you were hijacked?



G

  Rhuddlan 22:18 04 Jun 2004

I didn't think I was hijacked, I just thought I'd post a hijack log to see if I have been hijacked, thanks for all the help, Rhuddlan.

This thread is now locked and can not be replied to.
