Viruses, Spyware and...

Viruses, Spyware and other Nasties RSS

HijackThis log...can someone take a look?

•

Join Date: May 2004

Posts: 4

Reputation: Saidin is an unknown quantity at this point

Solved Threads: 0

Saidin

Offline

Newbie Poster

HijackThis log...can someone take a look?

May 6th, 2004

this computer has been having some weird problems when searching on google. it will pop up a small window after clicking Search on the main page and the first page is full of ads. I have to go to the second page to get to the first page of results. Here is the log, thanks in advance.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Jeremy\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �?þ
O1 - Hosts: @JH@JH�?H�?H˜H˜H�?aH ˆH�?H�?H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �?H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�?H�?HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI ˆI�?I�?I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �?I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\DOCUME~1\Jeremy\LOCALS~1\Temp\WTuninst.exe remove
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

•

Join Date: Feb 2004

Posts: 9,982

Reputation: crunchie is a splendid one to behold

Solved Threads: 754

crunchie

Offline

Spyware Killer

Re: HijackThis log...can someone take a look?

May 6th, 2004

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing

O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �?þ
O1 - Hosts: @JH@JH�?H�?H˜H˜H�?aH ˆH�?H�?H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �?H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�?H�?HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI ˆI�?I�?I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �?I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�?I�?IØIØIêIêIèIèIðIðIøIøI

O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster

•

Join Date: May 2004

Posts: 4

Reputation: Saidin is an unknown quantity at this point

Solved Threads: 0

Saidin

Offline

Newbie Poster

Re: HijackThis log...can someone take a look?

May 6th, 2004

ok thanks.

That done, I'm still getting the google weirdness. I took a screen cap of it.
http://www.thesevenkingdoms.net/Jeremy/google1.jpg

any suggestions?