943,793 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > HijackThis log...can someone take a look?
Ad:
Permalink
May 6th, 2004
0

HijackThis log...can someone take a look?

Expand Post »
this computer has been having some weird problems when searching on google. it will pop up a small window after clicking Search on the main page and the first page is full of ads. I have to go to the second page to get to the first page of results. Here is the log, thanks in advance.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AnVir Task Manager\AnVir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mmc.exe
C:\Documents and Settings\Jeremy\My Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �þ
O1 - Hosts: @JH@JH�H�H˜H˜H�aH ˆH�H�H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�H�HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI ˆI�I�I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [Uninstall_WinTools] C:\DOCUME~1\Jeremy\LOCALS~1\Temp\WTuninst.exe remove
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnVir Task Manager] "C:\Program Files\AnVir Task Manager\AnVir.exe" Minimized
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Saidin is offline Offline
4 posts
since May 2004
Permalink
May 6th, 2004
0

Re: HijackThis log...can someone take a look?

Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing

O1 - Hosts: 207.36.196.189 auto.search.msn.com
O1 - Hosts: 207.36.196.189 search.netscape.com
O1 - Hosts: 207.36.196.189 ieautosearch
O1 - Hosts: @Jþ ˆþ
O1 - Hosts: �þ
O1 - Hosts: @JH@JH�H�H˜H˜H�aH ˆH�H�H˜H˜H H H¨H¨H°H°øH
O1 - Hosts: �H˜H˜H H H¨H¨H°H°H¸H¸HÀHÀHÈHÈH�H�HØHØHêHêHèHèHðHðHøHøH
O1 - Hosts: @JI@JIðbIðbI˜I˜I I I˜<I˜<I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI ˆI�I�I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI
O1 - Hosts: �I˜I˜I I I¨I¨I°I°I¸I¸IÀIÀIÈIÈI�I�IØIØIêIêIèIèIðIðIøIøI

O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: proxyflagtray - {123A5772-3775-151F-988D-203ED10492A5} - C:\PROGRA~1\Webarmy\For grey.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004
Permalink
May 6th, 2004
0

Re: HijackThis log...can someone take a look?

ok thanks.


That done, I'm still getting the google weirdness. I took a screen cap of it.
http://www.thesevenkingdoms.net/Jeremy/google1.jpg

any suggestions?
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Saidin is offline Offline
4 posts
since May 2004
Permalink
May 7th, 2004
0

Re: HijackThis log...can someone take a look?

Post another log please so we can be sure the thing hasn't come back.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,163 posts
since Feb 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: another bridgedll. error and also hijackthis log
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: 35 processes, need to trim the fat





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC