Full Version: HiJack This!
Johnnycoolwhip
Hey guys, how is it going? I finally found a site that is well respected in the spyware, virus and anything bad that can be found on a PC. Well, here is my HiJack This log. I noticed it is a longer list than any of the other logs I had. Well anyways...


Logfile of HijackThis v1.98.2
Scan saved at 3:02:01, on 2004.12.07.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\Documents and Settings\Owner\Desktop\SECURITY\Highjack This\HijackThis.exe
C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 65.167.9.50 cart2.barnesandnoble.com #0
O1 - Hosts: 216.67.248.141 www.desktopradios.com #0
O1 - Hosts: 65.163.107.145 www.trimlife.com #0
O1 - Hosts: 208.185.174.44 www.zonelabs.com #0
O1 - Hosts: 216.194.70.4 www.all4nothin.cjb.net #0
O1 - Hosts: 69.50.168.141 www.suprnova.org #0
O1 - Hosts: 209.133.53.130 www.annoyances.org #0
O1 - Hosts: 209.123.109.175 www.broadbandreports.com #0
O1 - Hosts: 69.44.60.20 www.resumecoverletter.net #0
O1 - Hosts: 82.165.32.214 www.totalidea.com #0
O1 - Hosts: 63.87.252.160 www.extremetech.com #0
O1 - Hosts: 64.29.201.21 www.pcpitstop.com #0
O1 - Hosts: 65.220.224.30 www.pcworld.com #0
O1 - Hosts: 66.218.65.228 speedupcomputer.com #0
O1 - Hosts: 64.235.234.82 wittswallpapers.com #0
O1 - Hosts: 216.136.109.230 www.smartcertify.com #0
O1 - Hosts: 209.103.215.76 www.tweakxp.com #0
O1 - Hosts: 216.8.84.200 www.ultimatepcrepair.com #0
O1 - Hosts: 69.57.158.67 www.windowsxpatoz.com #0
O1 - Hosts: 67.123.30.114 www.blackviper.com #0
O1 - Hosts: 69.46.25.10 www.dmisoftware.com #0
O1 - Hosts: 24.137.12.208 forums.techguy.org #0
O1 - Hosts: 69.20.55.134 www.windowsnetworking.com #0
O1 - Hosts: 82.179.162.35 keygen.us #0
O1 - Hosts: 67.15.24.219 www.elitehackers.com #0
O1 - Hosts: 69.31.91.2 astalavista.box.sk #0
O1 - Hosts: 81.176.71.38 www.- Read our board rules --cd.com #0
O1 - Hosts: 82.179.162.34 - Read our board rules -spider.net #0
O1 - Hosts: 83.149.65.147 www.easy- Read our board rules -s.net #0
O1 - Hosts: 213.248.55.45 www.freeserials.com #0
O1 - Hosts: 67.15.24.16 www.best- Read our board rules -z.com #0
O1 - Hosts: 210.192.111.45 wheredown.com #0
O1 - Hosts: 66.250.45.43 www.atomicddl.com #0
O1 - Hosts: 140.99.102.70 fileforum.betanews.com #0
O1 - Hosts: 66.90.103.24 www.p2pforums.com #0
O1 - Hosts: 69.50.164.138 www.projectw.org #0
O1 - Hosts: 217.115.195.85 www.sharemonkey.com #0
O1 - Hosts: 66.98.208.81 www.slyck.com #0
O1 - Hosts: 209.152.181.208 www.try4buy.com #0
O1 - Hosts: 216.66.18.125 www.verifieddownloads.com #0
O1 - Hosts: 62.4.85.238 -- not allowed here ---game-downloads.6x.to #0
O1 - Hosts: 216.74.97.202 forum.-- not allowed here --net.net #0
O1 - Hosts: 64.55.181.130 www.geek.com #0
O1 - Hosts: 213.248.62.247 tsrh.watchout.ru #0
O1 - Hosts: 216.193.202.216 www.netcoweb.com #0
O1 - Hosts: 64.246.54.64 www.peerweb.org #0
O1 - Hosts: 207.44.192.24 www.infopackets.com #0
O1 - Hosts: 69.16.185.47 www.ripoffreport.com #0
O1 - Hosts: 69.93.171.43 sillydog.org #0
O1 - Hosts: 205.188.244.9 forums.winamp.com #0
O1 - Hosts: 69.50.167.154 ddl2.com #0
O1 - Hosts: 209.152.181.208 www.epirate.net #0
O1 - Hosts: 208.239.76.98 www.bearshare.com #0
O1 - Hosts: 198.88.0.2 www.beesky.com #0
O1 - Hosts: 66.45.25.164 www.boycott-riaa.com #0
O1 - Hosts: 67.15.96.211 www.filedownloadnetwork.com #0
O1 - Hosts: 67.15.6.91 kppfree.altervista.org #0
O1 - Hosts: 64.62.133.2 files.overnet.com #0
O1 - Hosts: 69.73.168.99 www.internet-guide.co.uk #0
O1 - Hosts: 66.35.250.210 www.freenetproject.org #0
O1 - Hosts: 62.2.249.11 www.the-realworld.de #0
O1 - Hosts: 62.129.131.34 www.uri-movies.tk #0
O1 - Hosts: 207.158.50.108 www.zeropaid.com #0
O1 - Hosts: 216.109.127.247 red.clientapps.yahoo.com #0
O1 - Hosts: 207.70.170.70 a-sap.org #0
O1 - Hosts: 64.91.255.87 www.diamondcs.com.au #0
O1 - Hosts: 217.160.106.55 forum.gladiator-antivirus.com #0
O1 - Hosts: 62.253.162.12 homepage.ntlworld.com #0
O1 - Hosts: 64.91.254.47 forums.thatcomputerguy.us #0
O1 - Hosts: 66.206.1.14 atsofttop.com #0
O1 - Hosts: 194.73.73.113 www.krazee.unstman.btinternet.co.uk #0
O1 - Hosts: 204.111.1.59 www.user.shentel.net #0
O1 - Hosts: 216.26.136.1 www.devdaily.com #0
O1 - Hosts: 12.158.191.26 www.updated.com #0
O1 - Hosts: 198.63.208.118 www.asp-shareware.org #0
O1 - Hosts: 66.39.115.168 www.softwaremarketingresource.com #0
O1 - Hosts: 65.42.55.75 www.passtheshareware.com #0
O1 - Hosts: 64.40.102.42 www.anydownload.com #0
O1 - Hosts: 217.147.177.154 www.downseek.com #0
O1 - Hosts: 66.235.192.213 www.downloadshareware.com #0
O1 - Hosts: 212.27.37.83 www.1000apps.com #0
O1 - Hosts: 216.92.33.217 www.downloadfast.com #0
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com #0
O1 - Hosts: 24.238.204.132 www.objectsdevelopment.com #0
O1 - Hosts: 62.173.67.17 www.freebielist.com #0
O1 - Hosts: 69.24.74.90 www.popularshareware.com #0
O1 - Hosts: 216.239.115.131 www.download.com #0
O1 - Hosts: 65.75.136.120 www.satupload.org #0
O1 - Hosts: 216.239.115.149 www.shareware.com #0
O1 - Hosts: 64.86.25.13 www.soft2share.com #0
O1 - Hosts: 65.124.157.150 www.2020research.com #0
O1 - Hosts: 209.87.112.25 www.mypoints.com #0
O1 - Hosts: 64.39.29.140 www.bellwethersurveys.com #0
O1 - Hosts: 216.74.152.11 www.bolt.com #0
O1 - Hosts: 207.153.216.141 www.betapanel.com #0
O1 - Hosts: 194.112.113.74 www.ciao-surveys.us #0
O1 - Hosts: 216.203.153.213 www.clickin.com #0
O1 - Hosts: 209.202.141.212 www.consumerinput.com #0
O1 - Hosts: 146.217.16.181 www.bettycrocker.com #0
O1 - Hosts: 64.42.220.35 www.i-say.com #0
O1 - Hosts: 168.215.71.119 www.inboxdollars.com #0
O2 - BHO: IeControler Class - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - C:\Program Files\Superhunter\NetSpeeder\IEMate.dll
O2 - BHO: (no name) - {E0E329E7-80D2-4D57-9E1D-99EDE462A5CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [NetSpeeder] "C:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe" hide
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [PCCGUIDE.EXE] "C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAGENT.EXE" /run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\owner\desktop\security\registry prregprot.exe /start
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [!ANetSpeeder] NetSpeeder
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll

One more thing: whatever I don't need as far as toolbars, internet search engines or anything minor, I'll take off if you guys say it's OK.

Thanks a lot!
JohnnyCoolWhip
Bobbi Flekman
Hi Johnnycoolwhip,

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R3 - Default URLSearchHook is missing

O1 - Hosts: 65.167.9.50 cart2.barnesandnoble.com #0
O1 - Hosts: 216.67.248.141 www.desktopradios.com #0
O1 - Hosts: 65.163.107.145 www.trimlife.com #0
O1 - Hosts: 208.185.174.44 www.zonelabs.com #0
O1 - Hosts: 216.194.70.4 www.all4nothin.cjb.net #0
O1 - Hosts: 69.50.168.141 www.suprnova.org #0
O1 - Hosts: 209.133.53.130 www.annoyances.org #0
O1 - Hosts: 209.123.109.175 www.broadbandreports.com #0
O1 - Hosts: 69.44.60.20 www.resumecoverletter.net #0
O1 - Hosts: 82.165.32.214 www.totalidea.com #0
O1 - Hosts: 63.87.252.160 www.extremetech.com #0
O1 - Hosts: 64.29.201.21 www.pcpitstop.com #0
O1 - Hosts: 65.220.224.30 www.pcworld.com #0
O1 - Hosts: 66.218.65.228 speedupcomputer.com #0
O1 - Hosts: 64.235.234.82 wittswallpapers.com #0
O1 - Hosts: 216.136.109.230 www.smartcertify.com #0
O1 - Hosts: 209.103.215.76 www.tweakxp.com #0
O1 - Hosts: 216.8.84.200 www.ultimatepcrepair.com #0
O1 - Hosts: 69.57.158.67 www.windowsxpatoz.com #0
O1 - Hosts: 67.123.30.114 www.blackviper.com #0
O1 - Hosts: 69.46.25.10 www.dmisoftware.com #0
O1 - Hosts: 24.137.12.208 forums.techguy.org #0
O1 - Hosts: 69.20.55.134 www.windowsnetworking.com #0
O1 - Hosts: 82.179.162.35 keygen.us #0
O1 - Hosts: 67.15.24.219 www.elitehackers.com #0
O1 - Hosts: 69.31.91.2 astalavista.box.sk #0
O1 - Hosts: 81.176.71.38 www.crack-cd.com #0
O1 - Hosts: 82.179.162.34 crackspider.net #0
O1 - Hosts: 83.149.65.147 www.easycracks.net #0
O1 - Hosts: 213.248.55.45 www.freeserials.com #0
O1 - Hosts: 67.15.24.16 www.bestcrackz.com #0
O1 - Hosts: 210.192.111.45 wheredown.com #0
O1 - Hosts: 66.250.45.43 www.atomicddl.com #0
O1 - Hosts: 140.99.102.70 fileforum.betanews.com #0
O1 - Hosts: 66.90.103.24 www.p2pforums.com #0
O1 - Hosts: 69.50.164.138 www.projectw.org #0
O1 - Hosts: 217.115.195.85 www.sharemonkey.com #0
O1 - Hosts: 66.98.208.81 www.slyck.com #0
O1 - Hosts: 209.152.181.208 www.try4buy.com #0
O1 - Hosts: 216.66.18.125 www.verifieddownloads.com #0
O1 - Hosts: 62.4.85.238 warez-game-downloads.6x.to #0
O1 - Hosts: 216.74.97.202 forum.wareznet.net #0
O1 - Hosts: 64.55.181.130 www.geek.com #0
O1 - Hosts: 213.248.62.247 tsrh.watchout.ru #0
O1 - Hosts: 216.193.202.216 www.netcoweb.com #0
O1 - Hosts: 64.246.54.64 www.peerweb.org #0
O1 - Hosts: 207.44.192.24 www.infopackets.com #0
O1 - Hosts: 69.16.185.47 www.ripoffreport.com #0
O1 - Hosts: 69.93.171.43 sillydog.org #0
O1 - Hosts: 205.188.244.9 forums.winamp.com #0
O1 - Hosts: 69.50.167.154 ddl2.com #0
O1 - Hosts: 209.152.181.208 www.epirate.net #0
O1 - Hosts: 208.239.76.98 www.bearshare.com #0
O1 - Hosts: 198.88.0.2 www.beesky.com #0
O1 - Hosts: 66.45.25.164 www.boycott-riaa.com #0
O1 - Hosts: 67.15.96.211 www.filedownloadnetwork.com #0
O1 - Hosts: 67.15.6.91 kppfree.altervista.org #0
O1 - Hosts: 64.62.133.2 files.overnet.com #0
O1 - Hosts: 69.73.168.99 www.internet-guide.co.uk #0
O1 - Hosts: 66.35.250.210 www.freenetproject.org #0
O1 - Hosts: 62.2.249.11 www.the-realworld.de #0
O1 - Hosts: 62.129.131.34 www.uri-movies.tk #0
O1 - Hosts: 207.158.50.108 www.zeropaid.com #0
O1 - Hosts: 216.109.127.247 red.clientapps.yahoo.com #0
O1 - Hosts: 207.70.170.70 a-sap.org #0
O1 - Hosts: 64.91.255.87 www.diamondcs.com.au #0
O1 - Hosts: 217.160.106.55 forum.gladiator-antivirus.com #0
O1 - Hosts: 62.253.162.12 homepage.ntlworld.com #0
O1 - Hosts: 64.91.254.47 forums.thatcomputerguy.us #0
O1 - Hosts: 66.206.1.14 atsofttop.com #0
O1 - Hosts: 194.73.73.113 www.krazee.unstman.btinternet.co.uk #0
O1 - Hosts: 204.111.1.59 www.user.shentel.net #0
O1 - Hosts: 216.26.136.1 www.devdaily.com #0
O1 - Hosts: 12.158.191.26 www.updated.com #0
O1 - Hosts: 198.63.208.118 www.asp-shareware.org #0
O1 - Hosts: 66.39.115.168 www.softwaremarketingresource.com #0
O1 - Hosts: 65.42.55.75 www.passtheshareware.com #0
O1 - Hosts: 64.40.102.42 www.anydownload.com #0
O1 - Hosts: 217.147.177.154 www.downseek.com #0
O1 - Hosts: 66.235.192.213 www.downloadshareware.com #0
O1 - Hosts: 212.27.37.83 www.1000apps.com #0
O1 - Hosts: 216.92.33.217 www.downloadfast.com #0
O1 - Hosts: 66.246.72.50 www.freedownloadscenter.com #0
O1 - Hosts: 24.238.204.132 www.objectsdevelopment.com #0
O1 - Hosts: 62.173.67.17 www.freebielist.com #0
O1 - Hosts: 69.24.74.90 www.popularshareware.com #0
O1 - Hosts: 216.239.115.131 www.download.com #0
O1 - Hosts: 65.75.136.120 www.satupload.org #0
O1 - Hosts: 216.239.115.149 www.shareware.com #0
O1 - Hosts: 64.86.25.13 www.soft2share.com #0
O1 - Hosts: 65.124.157.150 www.2020research.com #0
O1 - Hosts: 209.87.112.25 www.mypoints.com #0
O1 - Hosts: 64.39.29.140 www.bellwethersurveys.com #0
O1 - Hosts: 216.74.152.11 www.bolt.com #0
O1 - Hosts: 207.153.216.141 www.betapanel.com #0
O1 - Hosts: 194.112.113.74 www.ciao-surveys.us #0
O1 - Hosts: 216.203.153.213 www.clickin.com #0
O1 - Hosts: 209.202.141.212 www.consumerinput.com #0
O1 - Hosts: 146.217.16.181 www.bettycrocker.com #0
O1 - Hosts: 64.42.220.35 www.i-say.com #0
O1 - Hosts: 168.215.71.119 www.inboxdollars.com #0

O2 - BHO: (no name) - {E0E329E7-80D2-4D57-9E1D-99EDE462A5CA} - (no file)

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.
Johnnycoolwhip
Hey, what's up. Thanks for replying so fast, your forum is awesome. Here is the repost of HiJack This:


Logfile of HijackThis v1.98.2
Scan saved at 1:57:24, on 2004.12.08.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\Personal Firewall\MpfAgent.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\PromptCast\PromptCast.exe
C:\Documents and Settings\Owner\Desktop\SECURITY\Highjack This\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.4.20.188 v4.windowsupdate.microsoft.com #0
O1 - Hosts: 64.66.5.10 www.myinstantwebsite.com #0
O1 - Hosts: 66.235.177.158 www.adwarereport.com #0
O1 - Hosts: 66.98.220.4 www.how2bsuccessful.com #0
O1 - Hosts: 67.18.82.90 www.lavasoftsupport.com #0
O1 - Hosts: 216.180.233.162 www.spywareinfo.com #0
O1 - Hosts: 209.213.221.238 computercops.biz #0
O1 - Hosts: 208.42.236.6 forums.spywareinfo.com #0
O1 - Hosts: 64.91.226.241 www.wilderssecurity.com #0
O1 - Hosts: 209.87.112.25 www.mypoints.com #0
O1 - Hosts: 64.39.29.140 www.bellwethersurveys.com #0
O1 - Hosts: 216.74.152.11 www.bolt.com #0
O1 - Hosts: 207.153.216.141 www.betapanel.com #0
O1 - Hosts: 194.112.113.74 www.ciao-surveys.us #0
O1 - Hosts: 216.203.153.213 www.clickin.com #0
O1 - Hosts: 209.202.141.212 www.consumerinput.com #0
O1 - Hosts: 146.217.16.181 www.bettycrocker.com #0
O1 - Hosts: 63.241.201.119 www.e-rewards.com #0
O1 - Hosts: 64.42.220.35 www.i-say.com #0
O1 - Hosts: 168.215.71.119 www.inboxdollars.com #0
O1 - Hosts: 198.212.180.220 www.internetsurveypanel.com #0
O1 - Hosts: 209.132.219.21 mail.jackpot.com #0
O1 - Hosts: 217.160.226.72 www.marketfactor.org #0
O1 - Hosts: 63.236.30.78 us.lightspeedpanel.com #0
O1 - Hosts: 216.12.102.183 www.mindfieldonline.com #0
O1 - Hosts: 194.202.213.59 www.opinion-force.co.uk #0
O1 - Hosts: 63.170.131.41 www.onlinesurveys.com #0
O1 - Hosts: 66.196.239.71 www.opinionsunlimited.com #0
O1 - Hosts: 206.252.133.175 www.opinionsite.com #0
O1 - Hosts: 69.20.41.122 www.acop.com #0
O1 - Hosts: 64.202.103.181 www.surveymania.com #0
O1 - Hosts: 217.160.226.72 www.consumer-review.org #0
O1 - Hosts: 66.216.95.127 www.roboform.com #0
O1 - Hosts: 204.1.225.170 www.rapidchek.com #0
O1 - Hosts: 65.160.237.80 secure.adprofile.net #0
O1 - Hosts: 204.1.225.168 www.cinecheck.com #0
O1 - Hosts: 65.192.185.163 www.consumeropinionpanel.com #0
O1 - Hosts: 64.202.108.51 www.amazing-offers.com #0
O1 - Hosts: 194.226.200.43 www.softlinkers.org #0
O1 - Hosts: 205.209.178.203 satan-- not allowed here --.com #0
O1 - Hosts: 213.248.60.32 www.appzworld.com #0
O1 - Hosts: 195.140.140.121 katz.ws #0
O1 - Hosts: 69.50.179.90 www.phazeddl.com #0
O1 - Hosts: 81.3.150.144 soft-best.net #0
O1 - Hosts: 69.50.168.210 www.-- not allowed here --freaks.com #0
O2 - BHO: IeControler Class - {9AFD91F9-6B03-4D22-A1E1-67D224CB7AB1} - C:\Program Files\Superhunter\NetSpeeder\IEMate.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [NetSpeeder] "C:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe" hide
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\Personal Firewall\MpfTray.exe
O4 - HKLM\..\Run: [PCCGUIDE.EXE] "C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAGENT.EXE" /run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RegProt] c:\documents and settings\owner\desktop\security\registry prregprot.exe /start
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [System Mechanic Startup Guard] "C:\Program Files\iolo\System Mechanic 5 Professional\StartupGuard.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [PromptCast] C:\Program Files\PromptCast\PromptCast.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Passcards &. - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Password Generator &3 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Password Generator &3 - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html
O9 - Extra button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra 'Tools' menuitem: Identities &, - {45DB34C3-955C-11D3-ABEF-444553540000} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O9 - Extra button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Passcards &. - {45DB34C3-955C-11D3-ABEF-444553540001} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [!ANetSpeeder] NetSpeeder
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - http://www.surveys.com/promptcast/Installs...AST%20SETUP.cab

I have a ? Why do I have so many 01-Hosts that come up? I never had that many before, like 3 weeks or so ago. Do they "01-Hosts" take up space on my PC?
If they are useless, could I just take them off? THANKS AGAIN

JohnnyCoolWhip
Bobbi Flekman
Hi Johnnycoolwhip,

QUOTE
I have a ? Why do I have so many 01-Hosts that come up. I never had that many before like 3 weeks or so ago. Do they "01-Hosts" take up space on my PC?
If they are useless could I just take them off. THANKS AGAIN

The hosts entries are all in one file and are set by some piece of malware.

Let's try this: download Hoster, unzip it and start the program.
Press "Restore Original Hosts" and press "OK"
Exit Program.
Note: if you were using a custom Hosts file you will need to replace any of those entries yourself!
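
An added example, not part of the thread and not HijackThis or Hoster code: a Python script that extracts the O1 hosts-file entries from two HijackThis logs, lists the hostnames pinned to a non-loopback address, and reports what changed between the scans, which shows whether something rewrote the file after a fix. The sample logs are constructed (reserved `.example` hostnames, documentation-range IP addresses) and all function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prints each hosts-file line as "O1 - Hosts: <ip> <hostname> ..."
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")

# Constructed sample logs (not taken from the thread).
SCAN_1 = """Logfile of HijackThis v1.98.2
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 forum.security-help.example #0
O1 - Hosts: 192.0.2.10 www.av-vendor.example #0
O1 - Hosts: 198.51.100.7 downloads.example #0
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
"""

SCAN_2 = """Logfile of HijackThis v1.98.2
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.5 forum.security-help.example #0
O1 - Hosts: 203.0.113.9 surveys.example #0
"""


def parse_o1(log_text):
    """Return {hostname: ip} for every O1 line in a HijackThis log."""
    entries = {}
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if m:
            ip, host = m.groups()
            entries[host.lower()] = ip
    return entries


def overrides(entries):
    """Hostnames mapped to a non-loopback address: these lookups bypass DNS."""
    flagged = {}
    for host, ip in entries.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged[host] = ip  # malformed address, still worth reviewing
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            flagged[host] = ip
    return flagged


def shared_targets(entries):
    """IP addresses that more than one hostname has been pointed at."""
    by_ip = defaultdict(list)
    for host, ip in entries.items():
        by_ip[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in by_ip.items() if len(hosts) > 1}


def diff_scans(before, after):
    """Compare the O1 entries of two scans; returns (added, removed, changed)."""
    b, a = parse_o1(before), parse_o1(after)
    added = {h: a[h] for h in a.keys() - b.keys()}
    removed = {h: b[h] for h in b.keys() - a.keys()}
    changed = {h: (b[h], a[h]) for h in a.keys() & b.keys() if a[h] != b[h]}
    return added, removed, changed


if __name__ == "__main__":
    first = parse_o1(SCAN_1)
    print("Pinned to a non-loopback address:", overrides(first))
    print("Several names on one address:", shared_targets(first))
    added, removed, changed = diff_scans(SCAN_1, SCAN_2)
    print("Added since first scan:", added)
    print("Removed since first scan:", removed)
    print("Re-pointed since first scan:", changed)
```

New or re-pointed entries in a scan taken after "Fix checked" mean the process writing the hosts file is still active, so cleaning the file alone will not hold.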