 |  |  |  |  |  |  |  |
HijackThis log file
Thread Solved
 |
Hi guys... I was wondering if anyone could help me with my HijackThis log file..
Everytime I connect to the Internet I get searchcentral.cc as my start page, and I´ve tried to change it, but when I reboot it comes back... I'm not sure what to fix, so if you could tell me it would be great..
Here's my log file:
Logfile of HijackThis v1.97.7
Scan saved at 04:48:16 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\Daniel\Configuración local\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7886.732974537
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C20557-06D5-4E22-BD8C-48903EE62F12}: NameServer = 200.23.242.196 200.23.242.202
Thanx!
Everytime I connect to the Internet I get searchcentral.cc as my start page, and I´ve tried to change it, but when I reboot it comes back... I'm not sure what to fix, so if you could tell me it would be great..
Here's my log file:
Logfile of HijackThis v1.97.7
Scan saved at 04:48:16 p.m., on 29/03/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe
C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\ARCHIV~1\WINZIP\winzip32.exe
C:\Documents and Settings\Daniel\Configuración local\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [vptray] C:\ARCHIV~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Archivos de programa\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Archivos de programa\Messenger\Msgslang.dll,-61144 (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7886.732974537
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32C20557-06D5-4E22-BD8C-48903EE62F12}: NameServer = 200.23.242.196 200.23.242.202
Thanx!
does it redirect or does it automatically go there directly?
A Hacker's Mind:
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes..." - J.D.Salinger
"I thought what I'd do was, I'd pretend I was one of those deaf-mutes..." - J.D.Salinger
•
•
Join Date: Dec 2003
Posts: 2,414
Reputation: 
Solved Threads: 123
Fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
...They seem like they'll take care of the problem. Tried doing a Google search for "searchcentral"+"spyware" yet?
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
...They seem like they'll take care of the problem. Tried doing a Google search for "searchcentral"+"spyware" yet?
Alex Cavnar, aka alc6379
•
•
Join Date: May 2003
Posts: 865
Reputation:
Solved Threads: 43
Practically a Posting Shark
•
•
•
•
Originally Posted by Adrix99
Everytime I connect to the Internet I get searchcentral.cc as my start page, and I´ve tried to change it, but when I reboot it comes back... I'm not sure what to fix, so if you could tell me it would be great..
First problem: IE patches are needed. You are way behind.
C:\ARCHIV~1\WINZIP\winzip32.exe
Versions of WinZip prior to v9.0 are security risks. See this link.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4384
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4384
O4 - HKLM\..\RunOnce: [tlc] C:\WINDOWS\update12.js
These are your main problem. The Java applet is what keeps reinstalling the searches. Delete the .js file on the next boot after removal.
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
These are resource wasters and excess baggage and can be safely removed.
-- Michael RudasHow To Ask Questions The Smart Way (article by Eric Raymond).
Dealing with Malware
My Articles page.
My Best-of-Breed Free Software for Windows list
Other Windows- & Microsoft-related links
The Audio Tech's Page
My blog
The Oak Park Computer Club
PenguiCon 4.0 Open Source & Science Fiction convention, April 21-23, 2006.
Knoppix Linux (CD-bootable) download. information, & support.
|
Similar Threads
- Hi all i'm new to the fourm and need someone to decipher a hijackthis log file PLZ!! (Viruses, Spyware and other Nasties)
- Help with a Hijackthis log file (Viruses, Spyware and other Nasties)
- My HiJackThis Log File (Viruses, Spyware and other Nasties)
- HijackThis Log file, not sure what to delete (Viruses, Spyware and other Nasties)
- hijackThis log file (Viruses, Spyware and other Nasties)
- Could u please have a look on my HijackThis Log file? (Viruses, Spyware and other Nasties)
- Bridge.dll error please help me here is my hijackthis log file! (Viruses, Spyware and other Nasties)
- Hijackthis log file (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: IE6 has been constantly hijacked by ....
- Next Thread: Hijackthis log file
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Viruses, Spyware and other Nasties Posts
adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday