
Hijack this

Discussion in 'Security and Privacy' started by mattysmith1999, 2004/07/28.

  1. 2004/07/28
    mattysmith1999

    Hello folks, I am a new member of bbs and have a couple of issues with my pc I would really appreciate some help with. I did have a hijacker on that would not let me enter any webpage in my search bar. It was called "common hijacker" according to Spybot (which could not delete it) and it sent me to a site called "search for ". After using HijackThis and deleting a few registry entries it seems to have finally gone, but there are still some strange goings on..... could you read my HijackThis scan and tell me what you see please.....

    Logfile of HijackThis v1.98.0
    Scan saved at 4:29:57 PM, on 7/28/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
    C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\bootminder.exe
    C:\Program Files\AOL 9.0a\waol.exe
    C:\Program Files\AOL 9.0a\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\WinMX\WinMX.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Mick Smith\Desktop\Shortcuts\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\rundll32.exe

    O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
    O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Bootminder 2.lnk = C:\WINDOWS\bootminder.exe
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O13 - DefaultPrefix:
    O13 - WWW Prefix:
    O13 - Home Prefix: http://bigbr.cc?u=1503&error=
    O13 - Mosaic Prefix: http://bigbr.cc?u=1503&error=
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D54A5140-B9EC-451A-AFBE-BE09FE017A1F}: NameServer = 195.93.32.134
     
  2. 2004/07/28
    Newt

    Have you gotten rid of some stuff since you posted This Hijackthis log from about 4 hours earlier? And I have locked that one to avoid the confusion of having two open topics about the same problem for the same user.
  4. 2004/07/28
    markp62

    mattysmith1999, please stay to this thread.
    HijackThis is a tool; it doesn't know what is bad or good, it only shows what it is designed to. It is recommended, if you do not know much about computers, to get someone to look at it. Misuse can lead to errors in Windows.
    We have no idea what was removed.
    I can recommend using HJT to fix these entries.

    O13 - Home Prefix: http://bigbr.cc?u=1503&error=
    O13 - Mosaic Prefix: http://bigbr.cc?u=1503&error=

    Do you know what Bootminder.Exe is?

    Unless you removed the ActiveX control for Windows Update, it appears this machine never has been updated at the Windows Update Site. It does not appear in the other log you posted. If you have never been there, it is a very good idea to do so. Go to Tools\Windows Update on the toolbar in IE.
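
Added example, not part of the thread or of HijackThis itself: a small triage script that parses HijackThis-style log lines and reports the O13 URL-prefix entries that carry a host, which is the pattern in the two entries recommended for fixing above. It assumes a clean prefix is a bare scheme such as `http://`; the function names are hypothetical and the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = """\
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\System32\\ctfmon.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix: http://bigbr.cc?u=1503&error=
O13 - Mosaic Prefix: http://bigbr.cc?u=1503&error=
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{D54A5140-B9EC-451A-AFBE-BE09FE017A1F}: NameServer = 195.93.32.134
"""

# A log entry is "<section code> - <detail>", e.g. "O13 - Home Prefix: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section, detail) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def redirecting_prefixes(log_text):
    """Return (name, host, value) for O13 entries whose prefix contains a host.

    Assumption: a clean prefix is only a scheme ("http://"), so any host in the
    value means typed addresses are being prepended with a third-party URL.
    """
    hits = []
    for section, detail in parse_entries(log_text):
        if section != "O13":
            continue
        name, _, value = detail.partition(":")
        value = value.strip()
        host = urlsplit(value).hostname  # None for "" and for a bare scheme
        if host:
            hits.append((name.strip(), host, value))
    return hits


if __name__ == "__main__":
    for name, host, value in redirecting_prefixes(SAMPLE_LOG):
        print(f"O13 {name}: prefix points at {host} -> {value}")
```

The blank `DefaultPrefix` and `WWW Prefix` entries are parsed but not reported, since they contain no host; the script only surfaces entries for a person to review and does not decide what to delete.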
     