Re: HELP hijack this results

From: Tedd Riggs (T_Riggs_at_msn.cöm)
Date: 03/30/04


Date: Mon, 29 Mar 2004 17:20:54 -0800

You need far more than just the basic Windows Firewall as that will only
stop incoming traffic. I would get something like Zone Alarm, turn your
security up to at least medium and you will just have to face it that you
are going to get a lot of junk with all the casino type sites you visit,
those are famous for hijacking and tracking cookies.

-- 
Tedd Riggs
PDA Square Content Developer
www.pdasquare.com
Redmond, WA

"PONE" <anonymous@discussions.microsoft.com> wrote in message 
news:153a701c415ee$40f62750$a301280a@phx.gbl...
> Why do I keep getting spam and I cannot log on to my
> Hotmail account. Here is what HijackThis gave back to me
> but I need a little help understanding it. I run Spybot
> and Ad-aware 6 every day, and every day more spam. My
> Windows firewall is up.
>
> Logfile of HijackThis v1.97.7
> Scan saved at 7:23:38 PM, on 3/29/2004
> Platform: Windows XP SP1 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\PROGRA~1\NORTON~1\navapw32.exe
> C:\WINDOWS\DELLMMKB.EXE
> C:\WINDOWS\Nhksrv.exe
> C:\Program Files\Norton AntiVirus\navapsvc.exe
> C:\WINDOWS\System32\nvsvc32.exe
> C:\Program Files\Netropa\OSD.exe
> C:\Program Files\AWS\WeatherBug\Weather.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\wanmpsvc.exe
> C:\WINDOWS\explorer.exe
> C:\Documents and Settings\doug\Local
> Settings\Temp\Temporary Directory 1 for hijackthis
> [1].zip\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet
> Explorer\Main,Default_Page_URL = http://www.dellnet.com/
> R0 - HKLM\Software\Microsoft\Internet
> Explorer\Search,SearchAssistant = about:blank
> R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
> (Default) = about:blank
> O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
> 784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0
> \Reader\ActiveX\AcroIEHelper.ocx
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
> FADC6B084872} - C:\Program Files\Norton
> AntiVirus\NavShExt.dll
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
> 7859DF00B1D6} - C:\Program Files\Norton
> AntiVirus\NavShExt.dll
> O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
> 00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
> NvQTwk,NvCplDaemon initialize
> O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1
> \navapw32.exe
> O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
> O4 - HKLM\..\Run: [Blubster] C:\Program
> Files\Blubster\Blubster.exe SILENT
> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
> Files\QuickTime\qttask.exe" -atboottime
> O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline
> Global\PC Booster\pcbooster.exe
> O4 - HKCU\..\Run: [Weather] C:\Program
> Files\AWS\WeatherBug\Weather.exe 1
> O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
> Messenger\msnmsgr.exe" /background
> O8 - Extra context menu item: &Define - C:\Program
> Files\Common Files\Microsoft Shared\Reference 2001
> \A\ERS_DEF.HTM
> O8 - Extra context menu item: E&xport to Microsoft Excel -
> res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
> O8 - Extra context menu item: Look Up in &Encyclopedia -
> C:\Program Files\Common Files\Microsoft Shared\Reference
> 2001\A\ERS_ENC.HTM
> O9 - Extra button: Encarta Encyclopedia (HKLM)
> O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
> O9 - Extra button: Define (HKLM)
> O9 - Extra 'Tools' menuitem: Define (HKLM)
> O9 - Extra button: AIM (HKLM)
> O9 - Extra button: Messenger (HKLM)
> O9 - Extra 'Tools' menuitem: Messenger (HKLM)
> O9 - Extra button: WeatherBug (HKCU)
> O16 - DPF: Ali Baba Slots TM by pogo -
> http://temp35.pogo.com/applet/slots/alibaba-ob-assets.cab
> O16 - DPF: Backgammon by pogo -
> http://gammon.pogo.com/applet/backgammon/backgammon-ob-
> assets.cab
> O16 - DPF: Buckaroo Blackjack TM by pogo -
> http://vbjack.pogo.com/applet/videoblackjack/videoblackjac
> k-ob-assets.cab
> O16 - DPF: Checkers by pogo.com -
> http://checkers.pogo.com/applet/checkers2/checkers-ob-
> assets.cab
> O16 - DPF: Cribbage by pogo -
> http://crib.pogo.com/applet/cribbage/cribbage-ob-
> assets.cab
> O16 - DPF: Dice Derby by pogo -
> http://checkeredflag.pogo.com/applet/checkeredflag/checker
> edflag-ob-assets.cab
> O16 - DPF: Dice Derby by pogo.com -
> http://checkeredflag.pogo.com/applet/checkeredflag/checker
> edflag-ob-assets.cab
> O16 - DPF: Dominoes by pogo -
> http://domino.pogo.com/applet/domino/domino-ob-assets.cab
> O16 - DPF: Dominoes by pogo.com -
> http://domino07.pogo.com/applet/domino/domino-ob-
> assets.cab
> O16 - DPF: Euchre by pogo -
> http://euchre.pogo.com/applet/euchre/euchre-ob-assets.cab
> O16 - DPF: EZ Win Bingo by pogo -
> http://bingoe.pogo.com/applet/bingo/bingoe-ob-assets.cab
> O16 - DPF: EZ Win Bingo by pogo.com -
> http://bingoe.pogo.com/applet/bingo/bingoe-ob-assets.cab
> O16 - DPF: First Class Solitaire by pogo -
> http://solitaire44.pogo.com/applet/solitaire2/solitaire2-
> ob-assets.cab
> O16 - DPF: First Class Solitaire by pogo.com -
> http://temp39.pogo.com/applet/solitaire2/solitaire2-ob-
> assets.cab
> O16 - DPF: Fortune Bingo by pogo -
> http://superbingo.pogo.com/applet/superbingo/superbingo-
> ob-assets.cab
> O16 - DPF: Greenback Bayou by pogo -
> http://greenback.pogo.com/applet/greenback/greenback-ob-
> assets.cab
> O16 - DPF: Greenback Bayou by pogo.com -
> http://greenback.pogo.com/applet/greenback/greenback-ob-
> assets.cab
> O16 - DPF: Hammerhead Pool by pogo.com -
> http://temp14.pogo.com/applet/pool/pool-ob-assets.cab
> O16 - DPF: Hearts by pogo -
> http://hearts.pogo.com/applet/hearts/hearts-ob-assets.cab
> O16 - DPF: High Stakes Poker by pogo -
> http://temp77fe.pogo.com/applet/drawpoker/drawpoker-ob-
> assets.cab
> O16 - DPF: Jokers Wild Poker by pogo -
> http://temp91.pogo.com/applet/videopoker2/jokerswild-ob-
> assets.cab
> O16 - DPF: Jungle Gin by pogo -
> http://gin.pogo.com/applet/gin/gin-ob-assets.cab
> O16 - DPF: Jungle Gin by pogo.com -
> http://gin.pogo.com/applet/gin/gin-ob-assets.cab
> O16 - DPF: Keno by pogo -
> http://keno.pogo.com/applet/keno/keno-ob-assets.cab
> O16 - DPF: Keno by pogo.com -
> http://keno.pogo.com/applet/keno/keno-ob-assets.cab
> O16 - DPF: Mah Jong Garden by pogo -
> http://mahjong.pogo.com/applet/mahjong/mahjong-ob-
> assets.cab
> O16 - DPF: Payday FreeCell by pogo -
> http://freecell.pogo.com/applet/freecell/freecell-ob-
> assets.cab
> O16 - DPF: Payday FreeCell by pogo.com -
> http://temp12.pogo.com/applet/freecell/freecell-ob-
> assets.cab
> O16 - DPF: Pebble Beach Golf by pogo -
> http://temp40.pogo.com/applet/pebble/pebble-ob-assets.cab
> O16 - DPF: Pirate's Gold by pogo -
> http://swashbucks11.pogo.com/applet/piratesgold/piratesgol
> d-ob-assets.cab
> O16 - DPF: Pop Fu by pogo -
> http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
> O16 - DPF: Pop Fu by pogo.com -
> http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
> O16 - DPF: Poppit TM by pogo -
> http://poppit13.pogo.com/applet/poppit/poppit-ob-
> assets.cab
> O16 - DPF: Poppit! TM by pogo.com -
> http://poppit26.pogo.com/applet/poppit/poppit-ob-
> assets.cab
> O16 - DPF: SciFi Slots by pogo -
> http://temp92.pogo.com/applet/slots/scifi-ob-assets.cab
> O16 - DPF: Showbiz Slots 2 by pogo.com -
> http://showbiz2.pogo.com/applet/slots/showbiz2-ob-
> assets.cab
> O16 - DPF: Showbiz Slots by pogo.com -
> http://showbiz.pogo.com/applet/slots/showbiz-ob-assets.cab
> O16 - DPF: Spades by pogo.com -
> http://temp35.pogo.com/applet/spades/spades-ob-assets.cab
> O16 - DPF: Squelchies by pogo -
> http://squelchies.pogo.com/applet/squelchies/squelchies-
> ob-assets.cab
> O16 - DPF: Squelchies by pogo.com -
> http://squelchies.pogo.com/applet/squelchies/squelchies-
> ob-assets.cab
> O16 - DPF: Sweet Tooth TM by pogo -
> http://temp81fe.pogo.com/applet/sweettooth/sweettooth-ob-
> assets.cab
> O16 - DPF: Tri-Peaks by pogo -
> http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
> O16 - DPF: Tumble Bees by pogo -
> http://temp36.pogo.com/applet/jumbee/jumbee-ob-assets.cab
> O16 - DPF: Turbo 21 TM by pogo -
> http://turbo21.pogo.com/applet/turbo21/turbo21-ob-
> assets.cab
> O16 - DPF: Turbo 21 TM by pogo.com -
> http://temp14.pogo.com/applet/turbo21/turbo21-ob-
> assets.cab
> O16 - DPF: Word Whomp by pogo -
> http://whomp.pogo.com/applet/wordwhomp/wordwhomp-ob-
> assets.cab
> O16 - DPF: Word Whomp by pogo.com -
> http://temp39.pogo.com/applet/wordwhomp/wordwhomp-ob-
> assets.cab
> O16 - DPF: Word Whomp Whackdown by pogo -
> http://whackdown.pogo.com/applet/whackdown/whackdown-ob-
> assets.cab
> O16 - DPF: Word Whomp Whackdown by pogo.com -
> http://whackdown.pogo.com/applet/whackdown/whackdown-ob-
> assets.cab
> O16 - DPF: World Class Solitaire by pogo -
> http://klondike.pogo.com/applet/worldclass/worldclass-ob-
> assets.cab
> O16 - DPF: Yahoo! Bingo -
> http://download.games.yahoo.com/games/clients/y/xt0_x.cab
> O16 - DPF: Yahoo! Dice -
> http://download.games.yahoo.com/games/clients/y/dct0_x.cab
> O16 - DPF: Yahoo! Euchre -
> http://download.games.yahoo.com/games/clients/y/et0_x.cab
> O16 - DPF: Yahoo! Toki Toki Boom -
> http://download.games.yahoo.com/games/clients/y/vtj_x.cab
> O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED}
> (Support.com SmartIssue) -
> http://support.charter.com/sdccommon/download/tgctlsi.cab
> O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}
> (Support.com Configuration Class) -
> http://support.charter.com/sdccommon/download/tgctlcm.cab
> O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
> (Shockwave ActiveX Control) -
> http://download.macromedia.com/pub/shockwave/cabs/director
> /sw.cab
> O16 - DPF: {17163BB4-107E-11D4-9B76-006097DF2317} -
> http://www.ea.com/downloads/games/common/boot_strap/iegils
> .cab
> O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35}
> (Brix6ie Control) -
> http://a19.g.akamai.net/7/19/7125/1410/ftp.coupons.com/v7/
> brix6ie.cab
> O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}
> (MiniBugTransporterX Class) -
> http://download.weatherbug.com/minibug/tricklers/AWS/MiniB
> ugTransporter.cab?rand=20034412
> O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
> (YInstStarter Class) -
> http://download.yahoo.com/dl/installs/yinst.cab
> O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
> http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.inf
> o.apple.com/borris/us/win/QuickTimeInstaller.exe
> O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN
> Chat Control 4.2) -
> http://fdl.msn.com/public/chat/msnchat42.cab
> O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
> Class) -
> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuct
> l.CAB?37608.7291782407
> O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D}
> (DoomCln Object) -
> http://www.microsoft.com/security/controls/DoomCln.CAB
> O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872}
> (cpbrxpie Control) -
> http://a19.g.akamai.net/7/19/7125/4003/ftp.coupons.com/r31
> 20/cpbrxpie.cab
> O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
> (Shockwave Flash Object) -
> http://download.macromedia.com/pub/shockwave/cabs/flash/sw
> flash.cab
> O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} -
> http://fdl.msn.com/public/chat/msnchat4.cab
> O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
> http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yi
> ebio5_0_2_1.cab
>
> 
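
Added example (not part of the original thread and not HijackThis's own code): a Python script that rejoins the hard-wrapped, '>'-quoted log entries above and tallies them by HijackThis section and, for the O16 (ActiveX download) entries, by source domain. The function names, the join heuristic and the embedded sample (a few entries copied from the quoted log) are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# HijackThis section codes that occur in the quoted log.
SECTIONS = {"R0": "IE start/search page", "R1": "IE start/search page",
            "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart",
            "O8": "IE context-menu item", "O9": "IE button/Tools item",
            "O16": "ActiveX download (Downloaded Program Files)"}
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Constructed sample: entries copied from the quoted log, still wrapped and '>'-quoted.
SAMPLE = """\
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-
> FADC6B084872} - C:\\Program Files\\Norton
> AntiVirus\\NavShExt.dll
> O16 - DPF: Buckaroo Blackjack TM by pogo -
> http://vbjack.pogo.com/applet/videoblackjack/videoblackjac
> k-ob-assets.cab
> O16 - DPF: Keno by pogo.com -
> http://keno.pogo.com/applet/keno/keno-ob-assets.cab
> O16 - DPF: Yahoo! Dice -
> http://download.games.yahoo.com/games/clients/y/dct0_x.cab
"""

def unwrap(text):
    """Strip '>' quoting and rejoin entries the news client hard-wrapped."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if ENTRY.match(line):
            entries.append(line)          # a new "R1 - ..." / "O16 - ..." entry
        elif line and entries:
            last = entries[-1].split()[-1]
            # Heuristic: a URL or an unclosed {GUID} was cut mid-token, so join
            # without a space; otherwise assume the cut fell on a space.
            glue = "" if "://" in last or ("{" in last and "}" not in last) else " "
            entries[-1] += glue + line
    return entries

def summarize(text):
    """Count entries per section and O16 downloads per source domain."""
    sections, hosts = Counter(), Counter()
    for code, body in (ENTRY.match(e).groups() for e in unwrap(text)):
        sections[SECTIONS.get(code, code)] += 1
        if code == "O16":
            host = urlsplit(body.rsplit(" - ", 1)[-1]).hostname or "(no URL)"
            hosts[".".join(host.split(".")[-2:])] += 1   # naive: last two labels
    return sections, hosts
```

Wrapped file paths that contain spaces stay ambiguous under this heuristic, so compare any flagged path against the raw log before acting on it.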
