need some help

Discussion in 'adware, spyware & hijack cleaning' started by ineedhelp83, May 23, 2004.

Thread Status:
Not open for further replies.
  1. ineedhelp83

    ineedhelp83 Registered Member

    Joined:
    May 23, 2004
    Posts:
    1
    Hi all,

    Need some help decyphering my hijack this log. I occasionally get a pop up professing to be microsoft offering a system update and I want the thing to go away. It is obviously fraudulent.
    Thanks in advance for the assistence

    Logfile of HijackThis v1.97.7
    Scan saved at 3:54:10 PM, on 5/23/2004
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\drivers\CDAC11BA.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Corel\Suite8\Programs\DAD8.EXE
    C:\WINNT\System32\wuauclt.exe
    C:\WINNT\System32\freecell.exe
    C:\WINNT\system32\drwtsn32.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dwande\Desktop\HijackThis.exe
    C:\Program Files\Symantec\LiveUpdate\AUpdate.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{08F3B838-7F25-489B-88A6-C322856FA6E5}: NameServer = 205.171.3.65 205.171.2.65
    O17 - HKLM\System\CS1\Services\Tcpip\..\{08F3B838-7F25-489B-88A6-C322856FA6E5}: NameServer = 205.171.3.65 205.171.2.65
     
  2. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Hi,

    Nothing wrong in your log, although you should update win2k and IE asap via windowsupdate.com, maybe that other popup will dissapear because if it is fraudulent as you suspect it benefites from a not updated windows, as yours

    Hope this helps

    Cheers,
     
Thread Status:
Not open for further replies.