Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CWS_NS3 Hijacker


  • Please log in to reply
5 replies to this topic

#1 cariad

cariad

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 07 February 2005 - 03:28 PM

Hi,

Tried ad-aware, spybot, a2, and now hijackthis.exe, nothing previously has managed to delete the problem from rebooting with the computer. My browser has changed and I get lots of nudie popups, I have made a logfile from hijackthis.exe and am hoping that someone can look at it and inform me which files to delete.

here is the logfile

Logfile of HijackThis v1.99.0
Scan saved at 20:00:08, on 07/02/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
C:\WINNT\ipdk32.exe
C:\WINNT\d3bp32.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\djgvz.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E88E7F1E-E137-68F6-A823-B32FF6B99A37} - C:\WINNT\javarr32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [winru32.exe] C:\WINNT\system32\winru32.exe
O4 - HKLM\..\Run: [d3bp32.exe] C:\WINNT\d3bp32.exe
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: BT Voyager Wireless Utility.lnk = C:\Program Files\BT Voyager\BT Voyager Wireless\WLM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Workstation NetLogon Service - Unknown - C:\WINNT\ipdk32.exe

I look forward to hearing from anyone who can help

Cheers
Chris

BC AdBot (Login to Remove)

 


#2 JackTheHaack

JackTheHaack

  • Members
  • 307 posts
  • OFFLINE
  •  
  • Location:Queensland, Australia.
  • Local time:07:03 AM

Posted 07 February 2005 - 10:09 PM

Hi cariad & :thumbsup: to BC.

Please post your log in the HJT forum as you will get a much better response there.

Good Luck. :flowers:
JTH

#3 cariad

cariad
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 09 February 2005 - 06:04 AM

Thanks Jack

I will do just that.......... :thumbsup:

wish you well

Christine

#4 djmill

djmill

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 10 February 2005 - 06:39 AM

I am having the same problem. Did you find a solution?

#5 cariad

cariad
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 15 February 2005 - 02:54 AM

In the end I took the computer to the supplier who sorted it out for me, I dont have enough experience to start messing with the registry.

I hope you find a solution too.

good luck

Christine

#6 jpbc9999

jpbc9999

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 15 February 2005 - 10:11 AM

djmill. a monkey could do it [if i can...lol]. its easy. make your own log and post it. some one there will tell you what to fix. make sure you unzip hijackthis into C:\hijackthis or else it wont work correctly. Post it in hjt forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users