Hijacked Homepage, please help!

Hi,

My colleague's IE has been hijacked too, and I hope someone can help her with her log :) Thanks in advance! She's using a Windows 95 system.

Logfile of HijackThis v1.98.2
Scan saved at 12:39:21 PM, on 3/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\inet10050\services.exe
C:\Program Files\Automatic Update\AutoUpdate.exe
C:\WINNT\system32\pd7.exe
C:\Program Files\Media Pass\MediaPassK.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\127058.exe
C:\Program Files\Hotbar\bin\4.5.1.0\HbSrv.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F3 - REG:win.ini: run=C:\WINNT\inet10050\services.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [)e?筂
A,[rA柦肅:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\pqddse.exe
O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINNT\system32\pd7.exe
O4 - HKLM\..\Run: [砦拲6倐寮?珮篢P?LC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\pqddse.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
O4 - HKLM\..\Run: [printer] C:\WINNT\helpsys.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINNT\system32\pd7.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://webconfig.amadeus.com
O15 - Trusted Zone: http://*.amadeusproweb.com
O15 - Trusted Zone: http://*.amadeusvista.com
O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://C:\temp\vista2.1P200\html\AutoUpdateATL.CAB
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {137BF217-1106-00C9-BFB2-4643491778B6} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {14D0BE35-70FE-28E6-2296-42C76B408C48} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://amadeusvista.com/common/cabs/VistaPWComms.CAB
O16 - DPF: {2C39C191-7390-4ABF-AE00-294E61F39CF9} (KeplerLauncher Class) - http://aaol.abacus.com.sg/as310/KPMain.cab
O16 - DPF: {303CBB18-750B-52D6-A356-6BE950A203B5} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {344721B3-DA7D-397C-74D7-073850382101} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
O16 - DPF: {455ACD07-0301-3BB1-5EF0-7F6B5F3F2479} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {50341380-CC60-1BA8-0324-723C6C0BA9B0} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {5A78C745-3BF2-5448-586B-766D6D513BA3} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {5D794B9E-642C-513E-DF80-179D16A84C4C} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {5DBCC0F5-2997-7708-F07C-04DF7EF96E92} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {64E1C231-EDB5-0996-C386-64A82ACED28E} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {653D7369-617F-692D-193A-6F2C5D623664} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {6625AB3C-2886-66FD-3989-0204627165D7} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://amadeusvista.com/common/cabs/MSIInspect.CAB
O16 - DPF: {6A5B4FE3-3FCD-2D57-69A5-2E11421AFC0A} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {71A9DE2B-4A19-4C93-F30D-671470C3AE33} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B3ADF75-DDC3-6871-F5C9-49C90EEC8B0F} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/sgw/games5.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CDE3CA69-293C-4B4C-AB3B-BAAED5197238} (KPDownload1Obj Class) - http://aaol.abacus.com.sg/as310/KPOrion.cab
O16 - DPF: {EB350776-AF8A-45DB-89B6-286FA22B25A7} (Itinerary Translation) - http://aaol.abacus.com.sg/as310/DIX.cab
O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://amadeusvista.com/common/cabs/AmadeusInit.CAB
O16 - DPF: {FA0DF119-C2F3-4072-853B-3A3E11AFF337} (SeatMapCtrl Class) - http://aaol.abacus.com.sg/as310/KeplerEx.cab
O20 - AppInit_DLLs: kmroz1xidk3w5.dll.dll.dll

Comments

  • SpywareShooter 127.0.0.1
    edited March 2005
    Fix these entries with HijackThis:

    O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.5.1.0\HbHostIE.dll
    O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
    O4 - HKLM\..\Run: [)e?筂
    A,[rA柦肅:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\pqddse.exe
    O4 - HKLM\..\Run: [Windows Service] C:\WINNT\system32\pd7.exe
    O4 - HKLM\..\Run: [砦拲6倐寮?珮篢P?LC:\Program Files\ISTsvc\istsvc.exe] C:\WINNT\pqddse.exe
    O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe
    O4 - HKLM\..\Run: [printer] C:\WINNT\helpsys.exe
    O4 - HKCU\..\Run: [Windows Service] C:\WINNT\system32\pd7.exe
    O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
    O16 - DPF: {137BF217-1106-00C9-BFB2-4643491778B6} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {14D0BE35-70FE-28E6-2296-42C76B408C48} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
    O16 - DPF: {303CBB18-750B-52D6-A356-6BE950A203B5} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {344721B3-DA7D-397C-74D7-073850382101} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {455ACD07-0301-3BB1-5EF0-7F6B5F3F2479} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {50341380-CC60-1BA8-0324-723C6C0BA9B0} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {5A78C745-3BF2-5448-586B-766D6D513BA3} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {5D794B9E-642C-513E-DF80-179D16A84C4C} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {5DBCC0F5-2997-7708-F07C-04DF7EF96E92} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {64E1C231-EDB5-0996-C386-64A82ACED28E} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {653D7369-617F-692D-193A-6F2C5D623664} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {6625AB3C-2886-66FD-3989-0204627165D7} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {6A5B4FE3-3FCD-2D57-69A5-2E11421AFC0A} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {71A9DE2B-4A19-4C93-F30D-671470C3AE33} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {7B3ADF75-DDC3-6871-F5C9-49C90EEC8B0F} - http://69.50.182.94/1/rdgSG896.exe
    O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-ww/sgw/games5.cab
    O20 - AppInit_DLLs: kmroz1xidk3w5.dll.dll.dll

    Then find and delete the following files:
    C:\Program Files\Hotbar\
    C:\WINNT\inet10050\
    C:\Program Files\ISTsvc\
    C:\WINNT\pqddse.exe
    C:\Program Files\Media Pass\
    C:\WINNT\helpsys.exe
    C:\WINNT\system32\pd7.exe
    kmroz1xidk3w5.dll.dll.dll

    Then restart your computer and post a new log.
  • edited March 2005
    Ack, sorry, I was away, and she messed up her computer even more :/

    new log:

    Logfile of HijackThis v1.98.2
    Scan saved at 11:23:02 AM, on 3/28/2005
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\inet10050\services.exe
    C:\WINNT\system32\pd7.exe
    C:\Program Files\ISTsvc\istsvc.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\winnt\system32\hzemdl.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\zmou\zmoum.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\winnt\system32\calc.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\WINNT\system32\dllcache\IExplore.exe
    C:\WINNT\system32\conime.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\WebSiteViewer\125013.dlr
    C:\Program Files\Automatic Update\AutoUpdate.exe
    C:\PROGRA~1\COMMON~1\zmou\zmoua.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F3 - REG:win.ini: run=C:\WINNT\inet10050\services.exe
    O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
    O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINNT\Pynix.dll
    O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINNT\cerbmod.dll
    O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINNT\sasetup.dll
    O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AutoUpdate] C:\Program Files\Automatic Update\AutoUpdate.exe
    O4 - HKLM\..\Run: [Windows Service] C:\WINNT\system32\pd7.exe
    O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
    O4 - HKLM\..\Run: [printer] C:\WINNT\dstart2.exe
    O4 - HKLM\..\Run: [farmmext] C:\WINNT\farmmext.exe
    O4 - HKLM\..\Run: [hzemdl] c:\winnt\system32\hzemdl.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
    O4 - HKCU\..\Run: [zmou] C:\PROGRA~1\COMMON~1\zmou\zmoum.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://webconfig.amadeus.com
    O15 - Trusted Zone: http://*.amadeusproweb.com
    O15 - Trusted Zone: http://*.amadeusvista.com
    O16 - DPF: {051FE707-9706-11D5-A836-000102A7C938} (Amadeus Automatic Update) - file://C:\temp\vista2.1P200\html\AutoUpdateATL.CAB
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c7.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {266BB960-7DA8-11D4-A849-00008321B7D9} (Amadeus Cmd Page Cross Communication) - http://amadeusvista.com/common/cabs/VistaPWComms.CAB
    O16 - DPF: {2C39C191-7390-4ABF-AE00-294E61F39CF9} (KeplerLauncher Class) - http://aaol.abacus.com.sg/as310/KPMain.cab
    O16 - DPF: {3D518D7D-422F-4787-AC71-10BB552E897B} (Amadeus_SP2_Patcher Class) - http://amadeusvista.com/common/cabs/SP2Patch.CAB
    O16 - DPF: {665C05C1-517D-11D3-BE4A-00008322ED5D} (MSIInspect.Inspector) - http://amadeusvista.com/common/cabs/MSIInspect.CAB
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CDE3CA69-293C-4B4C-AB3B-BAAED5197238} (KPDownload1Obj Class) - http://aaol.abacus.com.sg/as310/KPOrion.cab
    O16 - DPF: {EB350776-AF8A-45DB-89B6-286FA22B25A7} (Itinerary Translation) - http://aaol.abacus.com.sg/as310/DIX.cab
    O16 - DPF: {EBE01DF7-D451-11D5-A842-000102A97CAB} (AmadeusInit.Init) - http://amadeusvista.com/common/cabs/AmadeusInit.CAB
    O16 - DPF: {FA0DF119-C2F3-4072-853B-3A3E11AFF337} (SeatMapCtrl Class) - http://aaol.abacus.com.sg/as310/KeplerEx.cab
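    The entries SpywareShooter lists for removal in the first reply, and the new O1 line in the second log (google.com and its look-alikes pointed at 69.50.177.254 through the hosts file), share a few tells that can be checked mechanically: a hosts override to a non-loopback address, an autostart entry that launches a system-named binary (services.exe) from outside system32, an ActiveX download (O16) served from a bare IP address as a raw .exe, an orphaned BHO with "(no file)", and any AppInit_DLLs value at all. The following is an added example, not code from this thread or from HijackThis itself: a small Python triage script that parses lines in HijackThis' log format and reports those tells. The sample lines are copied from the logs above plus two benign entries (the Norton toolbar and the IBM support control) so the checks have something to pass; the heuristics are the editor's own assumptions and not HijackThis' built-in rules.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample: lines taken from the HijackThis logs in this thread, plus two
# benign entries (Norton toolbar, IBM Access Support) that the checks should ignore.
SAMPLE_LOG = r"""
O1 - Hosts: 69.50.177.254 google.com www.google.com www.gooogle.com gooogle.com
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10050\services.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {137BF217-1106-00C9-BFB2-4643491778B6} - http://69.50.182.94/1/rdgSG896.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O20 - AppInit_DLLs: kmroz1xidk3w5.dll.dll.dll
"""

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx))"?', re.IGNORECASE)
# Binaries that legitimately live only in system32 (assumed list, not exhaustive).
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = ("c:\\winnt\\system32\\", "c:\\windows\\system32\\")
WINDIR = ("c:\\winnt\\", "c:\\windows\\")


def _is_ip(host):
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def check_hosts(body):
    """O1: a hosts-file entry pointing anywhere but loopback/blackhole is a redirect."""
    fields = body.split(":", 1)[1].split()
    if fields and fields[0] not in ("127.0.0.1", "0.0.0.0", "::1"):
        return f"hosts file redirects {' '.join(fields[1:])} to {fields[0]}"
    return None


def check_bho(body):
    """O2: BHO with no backing DLL, or a DLL dropped straight into the Windows directory."""
    if body.endswith("(no file)"):
        return "BHO registered but its DLL is missing (orphaned entry)"
    m = PATH_RE.search(body)
    if m:
        path = m.group(1).lower()
        if path.startswith(WINDIR) and not path.startswith(SYSTEM32):
            return f"BHO DLL sits directly under the Windows directory: {m.group(1)}"
    return None


def check_run(body):
    """O4: autostart entries with garbled names or system-named binaries in odd places."""
    m = re.search(r"\[(.*?)\]\s*(.*)", body)
    if not m:
        return None
    name, cmd = m.group(1), m.group(2)
    if not name.isprintable() or not name.isascii():
        return "autostart value name contains non-printable or non-ASCII characters"
    p = PATH_RE.search(cmd)
    if p:
        path = p.group(1).lower()
        base = path.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not path.startswith(SYSTEM32):
            return f"{base} started from outside system32: {p.group(1)}"
    return None


def check_dpf(body):
    """O16: ActiveX downloads served from a bare IP or pointing at a raw .exe."""
    url = body.rsplit(" - ", 1)[-1].strip()
    u = urlparse(url)
    reasons = []
    if u.hostname and _is_ip(u.hostname):
        reasons.append("download host is a bare IP address")
    if u.path.lower().endswith(".exe"):
        reasons.append("ActiveX entry points at a raw .exe rather than a .cab")
    return "; ".join(reasons) if reasons else None


def check_appinit(body):
    """O20: AppInit_DLLs injects the named DLL into every process that loads user32."""
    value = body.split(":", 1)[1].strip()
    return f"AppInit_DLLs is set to {value}" if value else None


CHECKS = {"O1": check_hosts, "O2": check_bho, "O4": check_run, "O16": check_dpf, "O20": check_appinit}


def triage(log_text):
    """Return [(section, line, reason)] for every log line one of the checks flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        check = CHECKS.get(m.group("sec"))
        if check is None:
            continue
        reason = check(m.group("body"))
        if reason:
            findings.append((m.group("sec"), line, reason))
    return findings


if __name__ == "__main__":
    for sec, line, reason in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n    {line}")
```

    Run against the sample, the script flags the hosts redirect, the orphaned BHO, the services.exe copy under C:\WINNT\inet10050, the .exe served from 69.50.182.94 and the AppInit_DLLs entry, and stays quiet on the Norton, IBM, mobsync and MSN Messenger lines. The heuristics are deliberately narrow; a clean pass says nothing about entries the checks do not cover, which is why the helpers in this thread still read the whole log by hand.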
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited March 2005
    Please update to the latest version of HJT: It should be 1.99.1. You can find it on our downloads page:

    www.short-media.com/download.php?dc=69

    Post a new log with the new version. Thanks!