Can hijackthis be used to the fix the problems in the logfile below?
Original problem: Links on google search pages on a netscape browser automatically redirected via search-daily.com to other sites. Also the webpage securepccleaner.com automatically opened when first connecting to the net.
Downloaded Firefox browser which has ended the search-daily problem but still have spyware warning messages randomly pop up.
I’ve allowed spy-shredder http://scanner.shred...m/5/?advid=3373 to do a system scan and it turned up these. No action taken:
Backdoor:Win32/NTRoot
Backdoor:Win32/Sivuxa
Trojan. Caiijing
Here is the hijack this log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:48 PM, on 3/2/2008
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ati2evxx.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\ePOAgent\FrameworkService.exe
C:\WINDOWS\System32\NMSSvc.exe
c:\orawin\BIN\TNSLSNR80.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Atiptaxx.exe
C:\WINDOWS\System32\Promon.exe
C:\ePOAgent\UpdaterUI.exe
C:\WINDOWS\system32\nq00v.exe
C:\WINDOWS\System32\msiconf.exe
C:\America Online 4.0a\aoltray.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.skybroadband.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape...nsearch200.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.ei.org/eicorp/eicorp"); (C:\Program Files\Netscape\Users\fhoque\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {882A0860-18C0-47A6-AB92-EE7A58F68F02} - C:\WINDOWS\System32\ctl3d32s.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [nq00v] C:\WINDOWS\system32\nq00v.exe
O4 - HKCU\..\Run: [nq00v] C:\WINDOWS\system32\nq00v.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Printing Migration] rundll32.exe C:\WINDOWS\System32\spool\migrate.dll,ProcessWin9xNetworkPrinters (User 'Default user')
O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0a\aoltray.exe
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\imgstart.exe
O4 - Global Startup: Mediamatics FIXDVDB.lnk = C:\Program Files\Mediamatics\DVDExpress\DVD\Fixdvdb.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg SchedulerV2.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .mov: C:\Program Files\Netscape\Communicator\Program\PLUGINS\NPQTW32.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\ePOAgent\FrameworkService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Oracleoracle8_homeClientCache80 - Unknown owner - c:\orawin\BIN\ONRSD80.EXE
O23 - Service: Oracleoracle8_homeNamesService80 - Unknown owner - c:\orawin\BIN\NAMES80.EXE
O23 - Service: Oracleoracle8_homeTNSListener80 - Unknown owner - c:\orawin\BIN\TNSLSNR80.EXE
--
End of file - 6501 bytes
Edited by RHQ, 02 March 2008 - 03:51 PM.