Wilders Security Forums  

Go Back   Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning
Reload this Page Help with HijackThis log pls
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Spyware Cleaning Section Closed!!
Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services.
 
 
Thread Tools Search this Thread
  #1  
Old June 19th, 2004, 01:06 PM
cameronst cameronst is offline
Infrequent Poster
  
Join Date: Apr 2004
Posts: 6
Default Help with HijackThis log pls
I'm having problems with a browser hijacker and am posting my hijack this log in hopes of getting some help.

I've run Adaware and Spybot previously as well as cwshredder but haven't been able to get rid of the hijacker.

many thanks for your help,

Cam

Logfile of HijackThis v1.97.7

Scan saved at 10:46:23 AM, on 06/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\PopUp Killer\PopUpKiller.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\WINNT\System32\wnsintsu.exe

C:\WINNT\System32\NDrv.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINNT\System32\HPZipm12.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

C:\hijackthis\HijackThis.exe


N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\dowc8zgb.slt\prefs.js)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {E205C796-4DC2-40DB-B2AC-029BD95A32E0} - C:\WINNT\System32\lkel.dll

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINNT\System32\idctup20.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [window.exe] C:\WINNT\System32\window.exe

O4 - HKCU\..\Run: [WNSC] C:\WINNT\System32\wnsintsu.exe

O4 - HKCU\..\Run: [NDrv] C:\WINNT\System32\NDrv.exe

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: officejet 6100.lnk = ?

O16 - DPF: emfctrl cab file - https://secure.emailfiltering.co.uk/cab/emfctrl.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tri...aderSigned.cab
  #2  
Old June 19th, 2004, 03:09 PM
dave38 dave38 is offline
Spyware Expert
  
Join Date: Feb 2004
Posts: 377
Default Re: Help with HijackThis log pls
Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: (no name) - {E205C796-4DC2-40DB-B2AC-029BD95A32E0} - C:\WINNT\System32\lkel.dll

O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINNT\System32\idctup20.exe
O4 - HKCU\..\Run: [window.exe] C:\WINNT\System32\window.exe
O4 - HKCU\..\Run: [WNSC] C:\WINNT\System32\wnsintsu.exe
O4 - HKCU\..\Run: [NDrv] C:\WINNT\System32\NDrv.exe

Reboot and delete

files
C:\WINNT\sysupd.exe
C:\WINNT\System32\idctup20.exe
C:\WINNT\System32\window.exe
C:\WINNT\System32\wnsintsu.exe
C:\WINNT\System32\NDrv.exe

These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if your problems persist.
  #3  
Old June 19th, 2004, 04:59 PM
cameronst cameronst is offline
Infrequent Poster
  
Join Date: Apr 2004
Posts: 6
Default Re: Help with HijackThis log pls
Things appear to be running smoothly now. Thanks for the help!

Cam

______________________________

Here is a new hijack this log:

Logfile of HijackThis v1.97.7

Scan saved at 2:51:55 PM, on 06/19/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\System32\svchost.exe

C:\WINNT\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINNT\system32\spoolsv.exe

C:\WINNT\GWMDMMSG.exe

C:\WINNT\System32\igfxtray.exe

C:\WINNT\System32\hkcmd.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\PopUp Killer\PopUpKiller.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINNT\System32\NMSSvc.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINNT\System32\HPZipm12.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\dowc8zgb.slt\prefs.js)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe

O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe

O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE

O4 - HKLM\..\Run: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" +c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: PowerReg Scheduler V3.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: officejet 6100.lnk = ?

O16 - DPF: emfctrl cab file - https://secure.emailfiltering.co.uk/cab/emfctrl.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB

O16 - DPF: {EE2589EB-7FC8-44DB-A892-573F2C4B41E0} - http://pdf.forbes.com/forbesnews/tri...aderSigned.cab
 

Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 01:28 PM.

Contact Us - SSL - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletin® Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums