Options
Home Search, only the best, shopping Asst
Please please help me. I thank you so much for what you do, but I am having difficulting implementing it:
Here is a copy of my log, please let me know what to do:
Logfile of HijackThis v1.97.7
Scan saved at 2:24:50 PM, on 5/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\DELL\OpenManage\Client\ActionAgent.exe
c:\PROGRA~1\NavNT\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\DELL\OpenManage\Client\EventAgt.exe
C:\Program Files\DELL\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\DELL\OpenManage\Client\Iap.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe
c:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ezSP_Px.exe
C:\WINNT\system32\netwd.exe
C:\WINNT\atlea.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\org\organize\org6.exe
C:\Lotus\Notes\nhldaemn.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AIM\aim.exe
C:\MyDownloads\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.verizon.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.verizon.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getProxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 159.67.21.34 :80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {112D5427-36BF-B118-6762-B819C2050E43} - C:\WINNT\winvf.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BD172BEF-9ECC-8E7D-F325-AD338CA3D062} - C:\WINNT\apiui32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonOnlineDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [VolSp1] C:\Program Files\VerizonOnlineDSL\AccountSetup\VolSp1.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [netwd.exe] C:\WINNT\system32\netwd.exe
O4 - HKLM\..\RunOnce: [atlea.exe] C:\WINNT\atlea.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Start WebEx One-Click Meeting (HKLM)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Web Entry (HKLM)
O12 - Plugin for .rx: C:\Program Files\Attachmate\KEA! X\npacirx.dll
O14 - IERESET.INF: START_PAGE_URL=http://eweb.verizon.com/
O15 - Trusted Zone: *.verizon.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {19E8C16F-7550-48B4-995F-839962136777} (edwInstaller.edwSoftwareCheck) - http://verizonai.its.verizon.com/vzai/Utilities/edwInstaller.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://webclass1.verizon.com/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://verizon.webex.com/client/v_verizon/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
Here is a copy of my log, please let me know what to do:
Logfile of HijackThis v1.97.7
Scan saved at 2:24:50 PM, on 5/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\DELL\OpenManage\Client\ActionAgent.exe
c:\PROGRA~1\NavNT\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\DELL\OpenManage\Client\EventAgt.exe
C:\Program Files\DELL\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\DELL\OpenManage\Client\Iap.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARUpld32.exe
C:\Program Files\VerizonOnlineDSL\Visual IP InSight\ARMon32a.exe
c:\PROGRA~1\NavNT\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\PROGRA~1\symantec\LIVEUP~1\savroam.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\VerizonOnlineDSL\WinPoET\WrOS.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\ZipToA.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ezSP_Px.exe
C:\WINNT\system32\netwd.exe
C:\WINNT\atlea.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\org\organize\org6.exe
C:\Lotus\Notes\nhldaemn.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AIM\aim.exe
C:\MyDownloads\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.verizon.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\nsxus.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.verizon.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autoproxy.verizon.com/cgi-bin/getProxy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 159.67.21.34 :80
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {112D5427-36BF-B118-6762-B819C2050E43} - C:\WINNT\winvf.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BD172BEF-9ECC-8E7D-F325-AD338CA3D062} - C:\WINNT\apiui32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonOnlineDSL\WinPoET\WinPPPoverEthernet.exe
O4 - HKLM\..\Run: [VolSp1] C:\Program Files\VerizonOnlineDSL\AccountSetup\VolSp1.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [netwd.exe] C:\WINNT\system32\netwd.exe
O4 - HKLM\..\RunOnce: [atlea.exe] C:\WINNT\atlea.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Start WebEx One-Click Meeting (HKLM)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Web Entry (HKLM)
O12 - Plugin for .rx: C:\Program Files\Attachmate\KEA! X\npacirx.dll
O14 - IERESET.INF: START_PAGE_URL=http://eweb.verizon.com/
O15 - Trusted Zone: *.verizon.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {19E8C16F-7550-48B4-995F-839962136777} (edwInstaller.edwSoftwareCheck) - http://verizonai.its.verizon.com/vzai/Utilities/edwInstaller.CAB
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://webclass1.verizon.com/main/Install/en/US/CentraDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://verizon.webex.com/client/v_verizon/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A400C74-65AA-4412-89C5-4E8231630D66}: Domain = verizon.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = verizon.com,bellatlantic.com,bell-atl.com,us1.ent.verizon.com,ent.verizon.com
0
Comments
Version 1.99.1 shows us a few things that the older version you are using does not.
Rescan with 1.99.1 and re-post your HJT log.
Dexter...
http://www.majorgeeks.com/download3155.html