Hi Friends :)
First, read my HijackThis log file:
Logfile of HijackThis v1.97.7
Scan saved at 1:10:12 PM, on 14-04-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hotbar\bin\4.4.5.0\HbInst.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Popup Defender\pd.exe
C:\Program Files\Kazaa Lite\kazaalite.kpp
C:\WINDOWS\twain_32\LG600P\Detector.exe
C:\WINDOWS\webshots.scr
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\CTSvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\AAdy\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy1.emirates.net.ae:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
N3 - Netscape 7: user_pref("browser.startup.homepage", "http:\\\\www.google.com"); (C:\Documents and Settings\AAdy\Application Data\Mozilla\Profiles\default\xid2mmgv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\AAdy\Application Data\Mozilla\Profiles\default\xid2mmgv.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.5.0\HbHostIE.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.4.5.0\HbHostIE.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [DSL Monitor] C:\Program Files\Efficient Networks\SpeedStream DSL\SPDSTRM.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite\kpp.exe" "C:\Program Files\Kazaa Lite\kazaalite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.4.5.0\HbInst.exe /Upgrade
O4 - HKCU\..\Run: [Popup Defender] "C:\Program Files\Popup Defender\pd.exe" Minimize
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Detector.lnk = C:\WINDOWS\twain_32\LG600P\Detector.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: PD (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {9D614E8E-03AA-11D3-90FC-0040C7157029} (PDMSInstallerCtl Class) - http://www.pakdata.com/download/PDMSInstaller.cab
O16 - DPF: {CAAE28D1-ADCC-11D1-BD4D-004845401881} (Urdu98 Control) - http://www.pakdata.com/download/urduplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C2A5680-5DE6-401E-B7A6-C5347AC27342}: NameServer = 194.170.1.6 194.170.1.7
--------------------------
Now please tell me if you find any suspicious entry here??
Because I think there is something BAD with my system. I ran Adaware, but it found nothing. I know I have Hotbar installed, but I have no problem with that.
I have just run a patch program for MSN Messenger polygamy, and it DID something!!
My Internet Explorer's home page changed to an "About Blank" search page. Although I have changed it back to Google, I'm still not sure whether it is still there or not, and from the above log I'm 99% sure that it is THERE :(
But I'm not experienced with HijackThis, so I have come here to ask you people what entries I should remove in order to clean up my system. And please consider one thing: NOTHING should happen to my system, please :(
Because I have just set it up after spending two whole months, and I can't take any risk, please :(
Thanks for any help,
!! REGARDS !!