1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

HijackThis log and search\toolbar

Discussion in 'Security and Privacy' started by Blueberry, 2004/09/02.

Thread Status:
Not open for further replies.
  1. 2004/09/02
    Blueberry

    Blueberry Well-Known Member Thread Starter

    Joined:
    2003/03/07
    Messages:
    107
    Likes Received:
    0
    I believe my friends computer has been hijacked in a big way - AdAware found 188 objects and HiJackThis lists many suspicious entries. One in particular keeps coming back after deletion. They are connected to the internet, but can't browse - plus a big search/toolbar has attached itself to IE and won't go away.

    Can someone give some help with this log?

    Thanks!

    Logfile of HijackThis v1.97.7
    Scan saved at 8:33:53 PM, on 9/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\Program Files\Winamp3\winampa.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Mark Bock.FAMILY-DKA7S1AL\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eolninssbscgtig.com/MFCBMFQslG3gmc0BD4qiqhfGrtIE/BZk4suSZ6LhzEpyE7xSrAF_vfoboeIzJS0v.html
    O2 - BHO: (no name) - {06C9A4B7-790E-8ADC-FE14-C8946927086E} - C:\PROGRA~1\LogLive\curbhold.exe
    O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
    O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe "
    O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [WINDOWADMIN] C:\PROGRA~1\KEEPME~1\Body Deaf Cast.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe "
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
    Blueberry,
    #1
  2. 2004/09/02
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Moved to Security/Virus/Spyware
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2004/09/02
    dobhar Lifetime Subscription

    dobhar Inactive

    Joined:
    2002/05/24
    Messages:
    924
    Likes Received:
    3
    Hi Blueberry...

    Noticed that you are running an older version of HijackThis. Download the latest version of "HijackThis ". You also should not run the program out of the Temp folder. Download to a folder on your hard drive. Call the folder, for example, C:\HJT. Run the new version and post back a new log. NOTE: Do not fix anything until someone experienced with the logs advises you to.
     
    dobhar,
    #3
  5. 2004/09/04
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    While we are waiting for the new log to appear, uninstall Messenger Plus!, reboot and then delete the folder C:\Program Files\Messenger Plus!
     
    markp62,
    #4
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...