Hijack this log

  Rhuddlan 16:17 04 Jun 04
Locked

Hi there just downloaded hijack this and here is my latest log:

Logfile of HijackThis v1.97.7
Scan saved at 12:24:01, on 04/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Steven\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = click here
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = click here
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=click here
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - click here
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - click here
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - click here
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\resources\IntraLaunch.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{282F07AD-9B75-4759-94FC-11FB362B6BB4}: NameServer = 195.92.195.95 195.92.195.94



I have posted this on various other forums, but no one has replyed yet, I'm so impatient, so I hope someone on this forum can tell me that I haven't been hijacked, regards, Rhuddlan.

  VoG II 16:26 04 Jun 04

It looks OK to me but I'm not an expert.

What makes you think you've been hijacked?

  Fruit Bat 17:17 04 Jun 04

Ok so your with Freeserve(wannado) anytime from your dialers no problem there also FS for search homepages etc. Use Real player + Shockwave and MSN Chat.

The only one I don't recognise is image farm? fun web products which appears to try and download a file to your PC.

If you Know wat this is then your OK If not then Maybe you are hijacked,

  Rhuddlan 19:29 04 Jun 04

Never heared of image farm. I never use realplayer and thought I uninstalled it, I use shockwave sometimes and always msn chat, I will have a further look at image farm, thanks for the help, regards, Rhuddlan.

  Nellie2 19:48 04 Jun 04

These two are bad, fix them using hijackthis.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http: // software-dl.real.com/164e5248eae5fddc6a05/netzip/RdxIE601.cab <----- that is netster

DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http: // imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab <----- Image farm.

  GANDALF <|:-)> 21:19 04 Jun 04

There is nothing in there to suggest a 'hijack'. Run adaware to clean up and using Goback and XP system restore is not a good idea.

'software-dl.real.com'....this is unlikely to be netster, have you real player 9 on your system. Even if it was netster there would be no need to worry. I would not delete it until an adaware run or your real player may go south ;-))) As for 'funweb'.......click here although this looks like a remnant entry.

What made you think that you were hijacked?



G

  Rhuddlan 22:18 04 Jun 04

I didn't think I was hijacked, I just thought I post a hijack log to see if I have been hijacked, thanks for all he help, Rhuddlan.

This thread is now locked and can not be replied to.

Best phone camera 2016/2017: Galaxy S7 vs iPhone 7 vs Google Pixel vs HTC 10 Evo vs OnePlus 3T vs…

1995-2015: How technology has changed the world in 20 years

These are the Best Christmas Ads and Studio Projects of 2016

Super Mario Run preview | Hands-on first impressions of Super Mario Run: Mario's iPhone & iPad…