Topic: Hijack Log
Murdoc
« on: January 13, 2006, 07:15:50 PM »

I have too much adware on my comp. It occurred when I was browsing the internet and all of a sudden my computer background changed, saying "there is malicious spyware on here" or some ****, but that's not a problem since I got rid of it. It also installed a fake anti-spyware scanner which I got rid of too, so all I need to know is how to make my comp pop-up free. Thanks for any help.



Logfile of HijackThis v1.99.1
Scan saved at 12:12:02 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\sdkfo.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\RioMSC.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINNT\system32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\MMTray2k.exe
C:\WINNT\system32\MMTray2k.exe
C:\WINNT\d3sr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\virus scanner stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
O2 - BHO: Class - {1029DA45-3A0C-D27A-13C9-BCD04EB4E5E5} - C:\WINNT\javaak32.dll
O2 - BHO: Class - {256B0089-D6F3-6EC7-52CE-95BA88AE595F} - C:\WINNT\atlmv.dll
O2 - BHO: Class - {2FEB9FA1-27C4-3B84-9155-35F6E883E9EF} - C:\WINNT\ntpc32.dll
O2 - BHO: Class - {321DD282-D818-35E5-1012-A0AA09CEEA0C} - C:\WINNT\wingm32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {699CCD9C-33BB-C88E-D7C1-87FB049AA144} - C:\WINNT\appgm32.dll
O2 - BHO: Class - {6D35171D-4CF6-D9FE-766A-AF2EB620033D} - C:\WINNT\system32\winwl.dll
O2 - BHO: Class - {7368F516-1791-C46E-144F-D4BEDCBBEF00} - C:\WINNT\appgm32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Class - {8BF06759-2B7F-D633-C13C-BE66B2CD986D} - C:\WINNT\system32\ievw32.dll
O2 - BHO: Class - {8C9429EE-EAE9-2380-7B85-15E8757E50FF} - C:\WINNT\mswa32.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Class - {9594255D-EBC0-A022-907C-B13B544FBC96} - C:\WINNT\appgm32.dll
O2 - BHO: Class - {AD984562-8F54-558B-4316-489F346F72A3} - C:\WINNT\ipmx32.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {FD027926-F79F-B9D4-D550-257E7FE60D80} - C:\WINNT\system32\ntvn.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [
Pancake
« Reply #1 on: January 14, 2006, 03:00:40 AM »

You have more spyware installed than a US satellite. Grin
===========================================


It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order they are listed.

Download any of the required programs before attempting to start any of the fixes.





SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK

===========================================




How to set up AboutBuster version 5

Download AboutBuster

Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the update button and a new screen will appear. On that screen press the Check for Updates button.

To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

This program is updated often so you should always use the built-in update feature before you scan with it.

========================================

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press  and Close HJT.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net

O2 - BHO: Class - {1029DA45-3A0C-D27A-13C9-BCD04EB4E5E5} - C:\WINNT\javaak32.dll
O2 - BHO: Class - {256B0089-D6F3-6EC7-52CE-95BA88AE595F} - C:\WINNT\atlmv.dll
O2 - BHO: Class - {2FEB9FA1-27C4-3B84-9155-35F6E883E9EF} - C:\WINNT\ntpc32.dll
O2 - BHO: Class - {321DD282-D818-35E5-1012-A0AA09CEEA0C} - C:\WINNT\wingm32.dll
O2 - BHO: Class - {699CCD9C-33BB-C88E-D7C1-87FB049AA144} - C:\WINNT\appgm32.dll
O2 - BHO: Class - {6D35171D-4CF6-D9FE-766A-AF2EB620033D} - C:\WINNT\system32\winwl.dll
O2 - BHO: Class - {7368F516-1791-C46E-144F-D4BEDCBBEF00} - C:\WINNT\appgm32.dll
O2 - BHO: Class - {8BF06759-2B7F-D633-C13C-BE66B2CD986D} - C:\WINNT\system32\ievw32.dll
O2 - BHO: Class - {8C9429EE-EAE9-2380-7B85-15E8757E50FF} - C:\WINNT\mswa32.dll
O2 - BHO: Class - {9594255D-EBC0-A022-907C-B13B544FBC96} - C:\WINNT\appgm32.dll
O2 - BHO: Class - {AD984562-8F54-558B-4316-489F346F72A3} - C:\WINNT\ipmx32.dll
O2 - BHO: Class - {FD027926-F79F-B9D4-D550-257E7FE60D80} - C:\WINNT\system32\ntvn.dll
O4 - HKLM\..\Run: [

An Australian Member of

EDDY
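
An added example, not part of the original thread and not the moderator's own method: a small Python triage pass over HijackThis log lines that flags the two patterns shared by most of the entries listed for fixing above (an Internet Explorer page set to a res:// URL inside a local DLL, and a BHO named only "Class" whose DLL sits directly in the Windows directory). The sample lines are copied from the log in this thread; the heuristic, the regexes and the function names are assumptions for illustration.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\tfsgq.dll/sp.html#63796%resultposition.net
O2 - BHO: Class - {1029DA45-3A0C-D27A-13C9-BCD04EB4E5E5} - C:\WINNT\javaak32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {6D35171D-4CF6-D9FE-766A-AF2EB620033D} - C:\WINNT\system32\winwl.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "R1 - ...", "O2 - ...", "O4 - ..."
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Assumption: the Windows directory is C:\WINNT, as in the posted log.
WINDIR_DLL = re.compile(r"^C:\\WINNT\\(system32\\)?[^\\]+\.dll$", re.I)

def parse(log):
    """Yield (section, body) for every HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, body, reason) for entries worth a closer look."""
    hits = []
    for section, body in parse(log):
        if section in ("R0", "R1") and "= res://" in body:
            hits.append((section, body, "IE page served from a local DLL resource"))
        elif section == "O2":
            m = BHO.match(body)
            if m is None:
                hits.append((section, body, "unparseable BHO entry"))
            elif m.group(1) in ("Class", "(no name)") and WINDIR_DLL.match(m.group(3)):
                hits.append((section, body, "generically named BHO in the Windows directory"))
        elif section == "O4" and body.rstrip().endswith("["):
            hits.append((section, body, "truncated entry, cannot be assessed"))
    return hits

if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE):
        print(f"{section}: {reason}\n    {body}")
```

A hit is only a prompt to look the file up before removing it: the Norton BHO and the ordinary Run entry in the sample pass untouched, while the cut-off O4 line is reported rather than silently skipped.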
Murdoc
« Reply #2 on: January 14, 2006, 05:23:06 PM »

OK, when I try to run AboutBuster 6.0

I get this error popping



Is there a different program I can use or a solution to fix this?
Pancake
« Reply #3 on: January 15, 2006, 12:06:48 AM »

Try CWshredder and Spybot instead

Download CWShredder http://www.trendmicro.com/cwshredder/
Choose the stand alone version. This is free.
Save cwshredder.exe into its own directory, NOT in a TEMPorary folder or on the DESKTOP.
I recommend, c:/program files/CWShredder/
Close all browsers
Unzip into same directory
Doubleclick CWSInstall.exe
Click  and let it install all updates
Click
Click
Close CWShredder