Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked [CLOSED]

Started by kodalux , May 15 2005 05:14 AM

  • This topic is locked This topic is locked

#1
kodalux
Posted 15 May 2005 - 05:14 AM

kodalux

    New Member

  • Member
  • Pip
  • 1 posts
I have a problem with the about.blank on computer boot and IE startup. I've ran adaware as well as a number of spy programs but problem is still there. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 7:07:44 AM, on

15/05/2005
Platform: Windows XP (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00

SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.ex

e
C:\WINDOWS\system32\services.ex

e
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Norton\Norton

AntiVirus\navapsvc.exe
C:\Norton\Norton

Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Norton\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sdkzp32.exe
C:\Program

Files\MusicMatch\MusicMatch

Jukebox\mm_tray.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.

exe
C:\LEXMAR~1\ACMonitor_X83.exe
C:\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVE

RS\W32X86\3\printray.exe
C:\Spyhunter\PopupBlocker\Enigm

aPopupStop.exe
C:\Norton\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFX

SWTCH.exe
C:\WINDOWS\System32\wfxsnt40.ex

e
C:\Program

Files\dvd43\dvd43_tray.exe
C:\windows\system32\netdaemon.e

xe
C:\TweakMASTER-PRO\TweakMASTER\

TwMaster.exe
C:\WINDOWS\System32\atl70132.ex

e
C:\WINDOWS\msdw.exe
C:\Program

Files\MsConfigs\MsConfigs.exe
C:\WINDOWS\System32\p2pnetwork.

exe
C:\WINDOWS\System32\P2P

Networking\P2P Networking.exe
H:\Screen

Capture\PrintScreen\PrintScreen

.exe
H:\Weather\WeatherEye.exe
C:\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
H:\Hijackthis2\HijackThis.exe

R1 -

HKCU\Software\Microsoft\Interne

t Explorer\Main,Search Bar =

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R1 -

HKCU\Software\Microsoft\Interne

t Explorer\Main,Search Page =

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R1 -

HKLM\Software\Microsoft\Interne

t

Explorer\Main,Default_Page_URL

= about:blank
R1 -

HKLM\Software\Microsoft\Interne

t

Explorer\Main,Default_Search_UR

L =

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R1 -

HKLM\Software\Microsoft\Interne

t Explorer\Main,Search Bar =

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R1 -

HKLM\Software\Microsoft\Interne

t Explorer\Main,Search Page =

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R1 -

HKCU\Software\Microsoft\Interne

t

Explorer\Search,SearchAssistant

=

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R0 -

HKLM\Software\Microsoft\Interne

t

Explorer\Search,SearchAssistant

=

res://C:\WINDOWS\fausm.dll/sp.h

tml#37049
R0 -

HKCU\Software\Microsoft\Interne

t Explorer\Main,Local Page =
R3 - Default URLSearchHook is

missing
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D

6BE0B3} - c:\program

files\adobe\Reader\ActiveX\Acro

IEHelper.ocx
O2 - BHO: CNavExtBho Class -

{BDF3E430-B101-42AD-A544-FADC6B

084872} - C:\Norton\Norton

AntiVirus\NavShExt.dll
O2 - BHO: Class -

{F61EE4EF-175D-788C-572B-3EA896

1D324F} -

C:\WINDOWS\apion32.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9

082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus

-

{42CDD1BF-3FFB-4238-8AD1-7859DF

00B1D6} - C:\Norton\Norton

AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA]

atiptaxx.exe
O4 - HKLM\..\Run: [MMTray]

C:\Program

Files\MusicMatch\MusicMatch

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE NvQTwk,NvCplDaemon

initialize
O4 - HKLM\..\Run:

[KernelFaultCheck]

%systemroot%\system32\dumprep 0

-k
O4 - HKLM\..\Run: [TkBellExe]

"C:\Program Files\Common

Files\Real\Update_OB\realsched.

exe" -osboot
O4 - HKLM\..\Run: [Lexmark X83

Button Monitor]

C:\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83

Button Manager]

C:\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray]

C:\WINDOWS\System32\spool\DRIVE

RS\W32X86\3\printray.exe
O4 - HKLM\..\Run:

[EnigmaPopupStop]

C:\Spyhunter\PopupBlocker\Enigm

aPopupStop.exe
O4 - HKLM\..\Run: [NAV Agent]

C:\Norton\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch]

C:\PROGRA~1\NORTON~1\WinFax\WFX

SWTCH.exe
O4 - HKLM\..\Run:

[WinFaxAppPortStarter]

wfxsnt40.exe
O4 - HKLM\..\Run: [dvd43]

C:\Program

Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MediaFace

Integration] H:\CD-DVD

Labeler\SetHook.exe
O4 - HKLM\..\Run: [Symantec

NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe

/Consumer
O4 - HKLM\..\Run:

[SSC_UserPrompt] C:\Program

Files\Common Files\Symantec

Shared\Security

Center\UsrPrmpt.exe
O4 - HKLM\..\Run:

[UpdateManager] "C:\Program

Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [netdaemon]

c:\windows\system32\netdaemon

/v
O4 - HKLM\..\Run:

[NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.e

xe
O4 - HKLM\..\Run: [NeroCheck]

C:\WINDOWS\system32\NeroCheck.e

xe
O4 - HKLM\..\Run: [TweakMASTER]

"C:\TweakMASTER-PRO\TweakMASTER

\TwMaster.exe" /auto
O4 - HKLM\..\Run:

[88b5b55ebaca]

C:\WINDOWS\System32\atl70132.ex

e
O4 - HKLM\..\Run:

[iexplore.exe] C:\Program

Files\Internet

Explorer\iexplore.exe
O4 - HKLM\..\Run: [msdw.exe]

C:\WINDOWS\msdw.exe
O4 - HKLM\..\Run: [MsConfigs]

C:\Program

Files\MsConfigs\MsConfigs.exe
O4 - HKLM\..\Run: [p2pnetwork]

p2pnetwork.exe
O4 - HKLM\..\Run: [P2P

Networking]

C:\WINDOWS\System32\P2P

Networking\P2P Networking.exe

/AUTOSTART
O4 - HKLM\..\Run: [systz.exe]

C:\WINDOWS\systz.exe
O4 - HKLM\..\Run: [atlwm.exe]

C:\WINDOWS\system32\atlwm.exe
O4 - HKLM\..\RunServices:

[p2pnetwork] p2pnetwork.exe
O4 - HKLM\..\RunOnce:

[sdkzp32.exe]

C:\WINDOWS\system32\sdkzp32.exe
O4 - HKCU\..\Run: [SpyKiller]

C:\Spykiller\SpyKiller\spykille

r.exe /startup
O4 - HKCU\..\Run: [Gadwin

PrintScreen 2.6] H:\Screen

Capture\PrintScreen\PrintScreen

.exe /nosplash
O4 - HKCU\..\Run: [WeatherEye]

H:\Weather\WeatherEye.exe
O4 - HKCU\..\Run: [IncrediMail]

C:\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [p2pnetwork]

p2pnetwork.exe
O4 - HKCU\..\RunServices:

[p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Microsoft

Office.lnk = C:\Program

Files\Microsoft

Office\Office\OSA9.EXE
O6 -

HKCU\Software\Policies\Microsof

t\Internet Explorer\Control

Panel present
O8 - Extra context menu item:

&Add animation to IncrediMail

Style Box -

C:\INCRED~1\bin\resources\WebMe

nuImg.htm
O8 - Extra context menu item:

E&xport to Microsoft Excel -

res://C:\MICROS~3\Office10\EXCE

L.EXE/3000
O8 - Extra context menu item:

LimeShop Preferences -

file://C:\Program

Files\LimeShop\System\Temp\lime

shop_script0.htm
O9 - Extra button: IncrediBar -

{023FA804-DCE1-4817-94ED-6BA420

0F9AF2} - C:\Program

Files\IncrediBar\bin\IBTBar.dll
O9 - Extra button: Popup

Eliminator -

{A26ABCF0-1C8F-46e7-A67C-0489DC

21B9CC} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem:

Popup Eliminator -

{A26ABCF0-1C8F-46e7-A67C-0489DC

21B9CC} -

C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F

795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem:

Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F

795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop:

C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF:

{1D6711C8-7154-40BB-8380-3DEA45

B69CBF} -
O16 - DPF:

{2253F320-AB68-4A07-917D-4F12D8

884A06} (ChainCast VMR Client

Proxy) -

http://64.124.45.181/downloads/

ccpm_0237.cab
O16 - DPF:

{56336BCB-3D8A-11D6-A00B-0050DA

18DE71} (RdxIE Class) -

http://207.188.7.150/2359016e41

4c19f7de00/netzip/RdxIE601.cab
O16 - DPF:

{90C9629E-CD32-11D3-BBFB-00105A

1F0D68} -

http://www.installengine.com/en

gine/isetup.cab
O16 - DPF:

{CD17FAAA-17B4-4736-AAEF-436EDC

304C8C} (ContentAuditX Control)

-

http://a840.g.akamai.net/7/840/

5805/v1503/www.contentwatch.com

/audit/includes/ContentAuditCon

trol.cab
O16 - DPF:

{F00F4763-7355-4725-82F7-0DA94A

256D46} (IMDownloader Class) -

http://www2.incredimail.com/con

tents/setup/downloader/imloader

.cab
O23 - Service: Remote Procedure

Call (RPC) Helper (

11Fßä#·ºÄÖ`I) - Unknown owner

- C:\WINDOWS\system32\msfx.exe

(file missing)
O23 - Service: Ati HotKey

Poller - Unknown owner -

C:\WINDOWS\System32\Ati2evxx.ex

e
O23 - Service: ISEXEng -

Unknown owner -

C:\WINDOWS\System32\angelex.exe

(file missing)
O23 - Service: Norton AntiVirus

Auto Protect Service (navapsvc)

- Symantec Corporation -

C:\Norton\Norton

AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase

Protection (NProtectService) -

Symantec Corporation -

C:\Norton\Norton

Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver

Helper Service (NVSvc) - NVIDIA

Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking

Service (SBService) - Symantec

Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\S

CRIPT~1\SBServ.exe
O23 - Service: Symantec Network

Drivers Service (SNDSrvc) -

Symantec Corporation -

C:\Program Files\Common

Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Speed Disk

service - Symantec Corporation

- C:\Norton\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service

(SymWSC) - Symantec Corporation

- C:\Program Files\Common

Files\Symantec Shared\Security

Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown

owner - C:\WINDOWS\zeta.exe

(file missing)
  • 0

Advertisements

#2
Guest_usetobe_*
Posted 25 May 2005 - 03:32 AM

Guest_usetobe_*
  • Guest
Welcome to Geeks 2 Go. Sorry about the delay in getting to your post, we have been very busy.

Do you still require help or are your problems resolved.

Please let me know and if you still require assistance, please post a fresh HJT log.

Regards,

Usetobe
  • 0

#3
Guest_usetobe_*
Posted 21 June 2005 - 03:17 AM

Guest_usetobe_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP