-
July 13th, 2004, 12:24 PM
#1
Registered User
Recurring Hijack - arrgghh
Hi All!
Well.. I've run Spybot, Ad-Aware, etc.. a gazillion times (all up to date), and I'm STILL getting hijacked bigtime.. changes my homepage to "about:blank" MSIE opens up to create numerous pop-ups 50.. 60.. etc.. until I kill the process or system freezes. This has me CRAZY as I can't get a thing done for the past 2 days.
Below is a copy of my latest Hijack This logfile. ANY HELP would be GREATLY appreciated!
-------------------- Begin Logfile ------------------
Logfile of HijackThis v1.98.0
Scan saved at 12:33:52 PM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\ec27ser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Search Engine Commando\ScheduleService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Program Files\Aladdin Systems\StuffIt Standard\stuffit.exe
C:\~qgm\temp\HijackThis_1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qgm.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Ad Rage] C:\Program Files\Ad Rage\adrage.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: SnS DeskMate.LNK = C:\Program Files\DeskMates\SnS\SnS.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Help - {901814B0-0503-4AE8-B035-78A796209B11} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {993F3153-B25D-415A-95CC-D9361031A464} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {DDE96853-CCE3-4789-861B-E00992C6B09E} - http://www.comcast.net (file missing) (HKCU)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt3_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potb_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.comcastsupport.com/sdccom...ad/tgctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti...l_v1-0-3-9.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/189886f163cac5c...p/RdxIE601.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/...rxsigned35.cab
O16 - DPF: {B7BCF6D1-6EF6-11D2-97A1-0000C0EAE6E4} (Sausage Software Installer/Uninstaller) - http://autodownload.sausage.com/Installer.cab
O16 - DPF: {EC1AFAB0-2FEB-11D2-9777-0000C0EAE6E4} (Sausage Software Autodownloader) - http://autodownload.sausage.com/IEAutoDL.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
-------------------- End Logfile ------------------
Again, any help anyone can give would be greatly appreciated. THANKS IN ADVANCE!
Gary
-
July 13th, 2004, 05:16 PM
#2
MegaMod
Hi Gary,
Concerning your constant popups, you might want to check out Google Toolbar. From what I've seen, it will stop about 90% or so of those annoying popups.
A lot of people also like using Zone Alarm by ZoneLabs. There is a free version to download. Once you get it configured, you decide whether to let programs access the internet, etc.
Are you running Norton Anti-Virus? Which version? Is it all up-to-date?
Do you have the latest Updates from Micro$oft?
I would try booting into Safe Mode. Run your Adaware and/or Spybot then. You might need to run those programs a couple of times to get rid of everything.
A lot of game sites have trojans and tons of popups. It is possible that you got it from one of them. Just a guess.
Let us know how it goes...Good Luck!
Last edited by DonJ; July 13th, 2004 at 05:51 PM.
-
July 13th, 2004, 05:32 PM
#3
MegaMod
Also, check out NooNoo's nice thread, How to fix popups, spyware, malware and nuisance programs
It has a place that specifically addresses "hijack this" and how to interpret what it says.
Last edited by DonJ; July 13th, 2004 at 05:52 PM.
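As an added example that is not part of the original thread: a small Python sketch of reading a HijackThis log by section code, the kind of interpretation the linked guide covers. The sample lines are copied from the log in post #1; the two review heuristics (autostart from a profile directory, ActiveX download from a bare IP address) are assumptions of this example and mark entries to look at, not verdicts.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the log in post #1.
SAMPLE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qgm.com/
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O16 - DPF: ConferenceRoom Java Client - http://216.152.65.174:8000/java/cr.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")    # hive, key, name, command
DPF = re.compile(r"^DPF: (.*) - (\S+)$")                       # control name, CAB URL
BARE_IP = re.compile(r"^https?://\d{1,3}(\.\d{1,3}){3}[:/]")
# Assumption of this example: autostarts under a profile or temp directory deserve a look.
PROFILE_DIRS = ("\\DOCUME~1\\", "\\DOCUMENTS AND SETTINGS\\", "\\TEMP\\")

def parse(log):
    """Group entry lines by their section code (R0, O2, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections

def review_candidates(sections):
    """Return (code, name, reason) for entries matching the heuristics above."""
    hits = []
    for body in sections.get("O4", []):          # O4 = autostart entries
        m = RUN.match(body)
        if m and any(d in m.group(4).upper() for d in PROFILE_DIRS):
            hits.append(("O4", m.group(3), "autostart from a profile directory"))
    for body in sections.get("O16", []):         # O16 = downloaded ActiveX controls
        m = DPF.match(body)
        if m and BARE_IP.match(m.group(2)):
            hits.append(("O16", m.group(1), "ActiveX download from a bare IP address"))
    return hits

if __name__ == "__main__":
    for hit in review_candidates(parse(SAMPLE)):
        print(hit)
```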
-
July 14th, 2004, 06:37 AM
#4
Driver Terrier
Yes you have Wintools:
C:\WINDOWS\system32\winlogon.exe
good how to here
Then go through the link on how to fix popups to catch anything else.
-
July 14th, 2004, 08:53 PM
#5
Registered User
I had a spyware program on my pc that kept coming back after multiple eliminations with Spybot and Ad-Aware. I finally found it by installing the ZoneAlarm firewall software and let it monitor every program going out to the internet. It came up with a "rundll32.exe is trying to access the internet" message, I told it not to allow it and then I got an error message from a program called mrcapsy or something deep in the Windows registry. I eliminated that key and it never came back but what a pain. It didn't show up in HijackThis, I think because it didn't run continually in the background. All I know is I hope I never see anything like this again.
"You've been livin' on the razor's edge, since you began to shave...
Make sure you live, you're a long time dead, cradle to the grave"-Motorhead
-
July 14th, 2004, 09:20 PM
#6
Registered User
Originally Posted by cabal
I had a spyware program on my pc that kept coming back after multiple eliminations with Spybot and Ad-Aware. I finally found it by installing the ZoneAlarm firewall software and let it monitor every program going out to the internet. It came up with a "rundll32.exe is trying to access the internet" message, I told it not to allow it and then I got an error message from a program called mrcapsy or something deep in the Windows registry. I eliminated that key and it never came back but what a pain. It didn't show up in HijackThis, I think because it didn't run continually in the background. All I know is I hope I never see anything like this again.
Try Mozilla Firefox. It's free.
I've gotten 5 people to try it for a week so far and all of them still use it. Did I mention it's free? It's also noticeably faster than IE and it's free.
-
July 14th, 2004, 10:16 PM
#7
Try CW Shredder
Try CW Shredder. It finds most webpage hijacks and removes them, whereas Spybot and Ad-Aware didn't.