DaniWeb IT Discussion Community

DaniWeb IT Discussion Community (http://www.daniweb.com/forums/index.php)
-   Viruses, Spyware and other Nasties (http://www.daniweb.com/forums/forum64.html)
-   -   HijackThis log...can someone take a look? (http://www.daniweb.com/forums/thread5800.html)

Saidin May 6th, 2004 7:55 am
HijackThis log...can someone take a look?
 
this computer has been having some weird problems when searching on google. it will pop up a small window after clicking Search on the main page and the first page is full of ads. I have to go to the second page to get to the first page of results. Here is the log, thanks in advance.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Jeremy\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �þ
O1 - Hosts: @JH@JH�H�H˜H˜H�aH ˆH�H�H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�H�HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI ˆI�I�I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\DOCUME~1\Jeremy\LOCALS~1\Temp\WTuninst.exe remove
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

crunchie May 6th, 2004 9:31 am
Re: HijackThis log...can someone take a look?
 
Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing

O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �þ
O1 - Hosts: @JH@JH�H�H˜H˜H�aH ˆH�H�H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�H�HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI ˆI�I�I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI

O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

Saidin May 6th, 2004 9:55 am
Re: HijackThis log...can someone take a look?
 
ok thanks.


That done, I'm still getting the google weirdness. I took a screen cap of it.
http://www.thesevenkingdoms.net/Jeremy/google1.jpg

any suggestions?

crunchie May 7th, 2004 5:38 am
Re: HijackThis log...can someone take a look?
 
Post another log please so we can be sure the thing hasn't come back.


All times are GMT -4. The time now is 9:19 pm.

Forum system based on vBulletin Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
©2003 - 2010 DaniWeb® LLC