Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

HIJACKTHIS LOG..CWS.LOOK2ME

Started by anonymousmay , Jun 24 2005 12:00 PM

  • Please log in to reply

#1
anonymousmay
Posted 24 June 2005 - 12:00 PM

anonymousmay

    New Member

  • Member
  • Pip
  • 3 posts
I've done all the steps, and everytime I restart my computer...it keeps coming back! plus, after I restart it and when it logs back on, it restarts it again without any of my control. Can you please help me??? here's this hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 10:59:29 AM, on 6/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\rundll32.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINNT\vsnpstd2.exe
D:\WINNT\SM1BG.EXE
D:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
D:\WINNT\LTMSG.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Valve\Steam\Steam.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Documents and Settings\May1\Desktop\HijackThis.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
D:\WINNT\System32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [YBrowser] D:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WildTangent CDA] "D:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SNPSTD2] D:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [SM1BG] D:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IPInSightMonitor 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [checkrun] D:\winnt\system32\eliteend32.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE D:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: ShellScrap - D:\WINNT\system32\ulrsvpia.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\System32\HPZipm12.exe

please reply asap.. :tazz: i've had adware before, but I just started over with my computer.
  • 0

Advertisements

#2
anonymousmay
Posted 24 June 2005 - 04:40 PM

anonymousmay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
well...i got rid of the cws.look2me i think. but i'm not sure what else to get rid of... i'm stil getting popups, just fewer popups. here's my hijack log.


Logfile of HijackThis v1.99.1
Scan saved at 3:38:58 PM, on 6/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINNT\vsnpstd2.exe
D:\WINNT\SM1BG.EXE
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\LTMSG.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\wuauclt.exe
D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\May1\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [YBrowser] D:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SNPSTD2] D:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [SM1BG] D:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IPInSightMonitor 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [checkrun] D:\winnt\system32\eliteend32.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\System32\HPZipm12.exe


I'm pretty sure i have to find a way to get rid of O4 - HKLM\..\Run: [checkrun] D:\winnt\system32\eliteend32.exe but idunno how. can u please help me?
  • 0

#3
anonymousmay
Posted 24 June 2005 - 05:19 PM

anonymousmay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
I just need a confirmation. I'm pretty sure i got rid of everything now after researching many sites off the internet. I just need one last confirmation to tell me I don't have to get rid of anything else.

Logfile of HijackThis v1.99.1
Scan saved at 4:14:08 PM, on 6/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
D:\WINNT\vsnpstd2.exe
D:\WINNT\SM1BG.EXE
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\LTMSG.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\AIM\aim.exe
D:\WINNT\System32\wuauclt.exe
D:\WINNT\System32\wuauclt.exe
D:\Documents and Settings\May1\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [YBrowser] D:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SNPSTD2] D:\WINNT\vsnpstd2.exe
O4 - HKLM\..\Run: [SM1BG] D:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [IPInSightMonitor 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 02] "D:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l


O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKCU\..\Run: [Steam] D:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINNT\System32\HPZipm12.exe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP