Hijack This Logfile Support

Question

champ57 0 Newbie Poster

20 Years Ago

Can someone please help me determine what items I should eliminate, as they are likely responsible for my homepage being redirected to an unknown site .... as well as the abundance of pop-ups. I have Google toolbar with pop_up blocker but that does not prevent these new breed of pop_ups

Logfile of HijackThis v1.97.7
Scan saved at 12:41:53 PM, on 12/6/2003
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\tp4mon.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\COMMON~2\ADDRES~1\comwiz.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\winnt\msbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\DWAYNE~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~2\ADDRES~1\cnbabe.dll
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: (no name) - {420636e7-93a0-4fc6-98d7-37ad8e2f7cd7} - C:\DOCUME~1\DWAYNE~1\APPLIC~1\crthouagrou.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: oqeaealykng - {6bf2f755-0534-4e8e-a4fc-07957af4d702} - C:\DOCUME~1\DWAYNE~1\APPLIC~1\crthouagrou.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [CJQ] C:\WINNT\CJQ.exe
O4 - HKLM\..\Run: [PGStub.exe] C:\dp-b23011805.exe
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [Belt] C:\WINNT\Belt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [winnet] C:\PROGRA~1\COMMON~2\ADDRES~1\winnet.exe
O4 - HKLM\..\Run: [msbb] C:\winnt\msbb.exe
O4 - HKLM\..\Run: [WinEssential] C:\WINNT\System32\Keyhost.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Add A Page Note - C:\Program Files\CommonName\AddressBar\createnote.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Bookmark This Page - C:\Program Files\CommonName\AddressBar\createbookmark.htm
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Email This Link - C:\Program Files\CommonName\AddressBar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Program Files\CommonName\AddressBar\navigate.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O11 - Options group: [CommonName] CommonName
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37917.710775463
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

windows-virus

2 Contributors
1 Reply
137 Views
7 Hours Discussion Span
Latest Post 20 Years Ago Latest Post by TallCool1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

TallCool1 81 Practically a Posting Shark Team Colleague · Answer 1 · 2003-12-07T04:32:05+00:00

Can someone please help me determine what items I should eliminate, as they are likely responsible for my homepage being redirected to an unknown site .... as well as the abundance of pop-ups. I have Google toolbar with pop-up blocker but that does not prevent these new breed of pop-ups

Where do I start? You have been hijacked! CommonName is only the most obvious. There are also a plethora of Browser Helper Objects (BHOs), most of which are hijackers.

If you want to know about what's in your startup, see http://www.pacs-portal.co.uk/startup_pages/startup_full.php
For more details about hijacking scumware in general, the two best sources that I've found so far:
http://www.mvps.org/inetexplorer/Darnit.htm and http://aumha.org/a/parasite.htm

Start the repairs by downloading Spybot -Search & Destroy via http://Security.Kolla.de and Ad-Aware 6.181 (or later) via http://www.LavaSoft.nu. Update both programs with the new reference files before doing a scan. It's not so much that you absolutely need both as it's a good cross-check; spyware authors are sneaky.

Make sure that your Windows 2000 patches are up-to-date. You should also go to the Gibson Research website. There, you can download the utilities Shoot the Messenger and Unplug Plug 'n' Pray to further secure your system.

That should get you started.