Wilders Security Forums  

Go Back   Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning
Reload this Page Hijack this log
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Search this Thread
  #1  
Old November 17th, 2003, 09:53 PM
Lawrence
 
Posts: n/a
Default Hijack this log
got a trojan, used Search & Destroy. My browser search page is still defaulting to here4search.com upon reboot. Can you help?

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\PROGRAM FILES\NETWORK ICE\BLACKICE\BLACKD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [LoadBlackD] C:\Program Files\Network ICE\BlackICE\blackd.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - Startup: BlackICE Utility.lnk = C:\Program Files\Network ICE\BlackICE\blackice.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\MemTurbo.exe
O4 - Startup: NetTurbo.lnk = C:\Program Files\SharewareOnline.com, Inc\NetTurbo\NetTurbo.exe
O4 - Startup: America Online 6.0 Tray Icon.lnk.disabled
O4 - Startup: Billminder.lnk.disabled
O4 - Startup: Quicken Startup.lnk.disabled
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Dell Home (HKCU)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .ppz: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npsurge.dll
O12 - Plugin for .avi: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npavi32.dll
O12 - Plugin for .kad: C:\PROGRA~1\INTERN~1\PLUGINS\npaucd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.cox.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://msnbc.com/download/nm1228.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {BF8AEBF6-0656-11d4-9EFF-00B0D011B1AE} (Communities.com TPV Support 01) - http://www.thepalace.com/TPV/CC_SUPPORT.cab
O16 - DPF: Communities.com The Palace Viewer - http://www.thepalace.com/TPV/CC_TPV.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {BB276850-DFAB-11D3-9C4B-00A0C94C8A8A} (ParallelGraphics Cortona Sound Support) - http://www.parallelgraphics.com/bin/cortdsnd.cab
O16 - DPF: {10B80390-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona JavaScript Support) - http://www.parallelgraphics.com/bin/cortjs.cab
O16 - DPF: {10B80394-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona DirectX Support) - http://www.parallelgraphics.com/bin/corthwrdx.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortcore.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/arcadegames/blasterball/wildtangent/wtinst.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/14779ef529bd9f76b721/netzip/RdxIE.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://rr.esecurecare.net/rnt/rnl/java/RntX.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021126/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
  #2  
Old November 18th, 2003, 02:23 AM
BWMerlin BWMerlin is offline
Regular Poster
  
Join Date: Aug 2003
Posts: 71
Default Re:Hijack this log
Hi these can be fixed but u may want to wait for someone to confirm.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O4 - HKCU\..\Run: [loader] C:\WINDOWS\LOADER.EXE
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
All 016 entries, if u need them u will be ask to dl them agian

Like i said u may want to wait for someone to confirm.
  #3  
Old November 18th, 2003, 02:26 AM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,298
Default Re:Hijack this log
Hi Lawrence,

Download, unzip and run: http://www.spywareinfo.com/~merijn/files/cwshredder.zip

Then have HijackThis Fix:
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver/arcadegames/blasterball/wildtangent/wtinst.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.25.43/14779ef529bd9f76b721/netzip/RdxIE.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http://www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab

Then reboot.

If you still have problems then, could you please post a log including the header? It can be important to know what version of HijackThis, IE and Windows you are using.

Regards,

Pieter

__________________
Regards,

Pieter
Itīs nice to be important, but itīs more important to be nice.
Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
  #4  
Old November 18th, 2003, 05:54 AM
Lawrence
 
Posts: n/a
Default Re:Hijack this log
Thanks a ton.
  #5  
Old November 18th, 2003, 06:03 AM
Pieter_Arntz's Avatar
Pieter_Arntz Pieter_Arntz is offline
Spyware Veteran
  
Join Date: Apr 2002
Location: Netherlands
Posts: 12,298
Default Re:Hijack this log
You're welcome.

Pieter
__________________
Regards,

Pieter
Itīs nice to be important, but itīs more important to be nice.
Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
 

Wilders Security Forums > Browser Hijacks and Spyware Problems > adware, spyware & hijack cleaning « Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Settings
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 08:13 AM.

Contact Us - Wilders Security - Archive - TOS/Privacy - Top

Powered by vBulletinŪ Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
Copyright Đ2002 - 2009, Wilders Security Forums