Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about:good


  • Please log in to reply
2 replies to this topic

#1 carmack1

carmack1

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:31 PM

Posted 30 April 2005 - 07:42 PM

Can somebody read my log and tell me how to get rid of the about:good hijacking browser? First, I need to know how to send my log.

BC AdBot (Login to Remove)

 


#2 dana denise

dana denise

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:31 PM

Posted 30 April 2005 - 07:53 PM

hi, maybe this may be of help :thumbsup:
http://www.bleepingcomputer.com/forums/How...s_Log-t956.html

#3 carmack1

carmack1
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:31 PM

Posted 30 April 2005 - 07:57 PM

okay, I am going to copy and paste my log


Logfile of HijackThis v1.99.1
Scan saved at 8:39:48 PM, on 4/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\DRMON\SMARTAGT\SMARTAGT.EXE
C:\WINDOWS\CPQALERT.EXE
C:\WINDOWS\SYSTEM\SYSUC32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSSTAT.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SRVC32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\COLOR\HGCCTL95.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\MGACTRL.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSSB32.EXE
C:\WP.EXE
C:\PROGRAM FILES\MATROX MGA POWERDESK\QDESK\MGAQDESK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSLQ.EXE
C:\WINDOWS\SYSLQ.EXE
C:\WINDOWS\ATLRN.EXE
C:\WINDOWS\SYSLQ.EXE
C:\WINDOWS\SYSTEM\JAVAAY.EXE
C:\WINDOWS\SYSLQ.EXE
C:\WINDOWS\ATLSL.EXE
C:\WINDOWS\ATLSL.EXE
C:\WINDOWS\SYSTEM\APITD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSLQ.EXE
C:\WINDOWS\APPMH.EXE
C:\WINDOWS\ATLSL.EXE
C:\WINDOWS\SYSTEM\D3MF.EXE
C:\WINDOWS\SYSTEM\D3MF.EXE
C:\WINDOWS\SDKEE.EXE
C:\WINDOWS\SDKEE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ATLRN.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zfmfj.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {D4CEAE5B-2A69-4AA5-CFC7-D52036D3AEC2} - C:\WINDOWS\APIAE.DLL
O2 - BHO: Class - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - C:\WINDOWS\NTHD32.DLL
O4 - HKLM\..\Run: [Local runole service] C:\WINDOWS\System\srvc32.exe
O4 - HKLM\..\Run: [NAI_INSTALL_SCAN] "c:\Program Files\Common Files\Network Associates\On Demand Scanner\Scan32\scan32.exe" c:\ /autoscan /autoexit
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [Matrox Color Control] C:\Program Files\Matrox MGA PowerDesk\Color\hgcctl95.exe
O4 - HKLM\..\Run: [Matrox Control Center] C:\Program Files\Matrox MGA PowerDesk\mgactrl.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService] c:\Program Files\Network Associates\VirusScan\AVSYNMGR.EXE
O4 - HKLM\..\RunServices: [dRMON SmartAgent] drmon\SmartAgt\SmartAgt.exe
O4 - HKLM\..\RunServices: [CPQALERT] CPQAlert.exe
O4 - HKLM\..\RunServices: [SYSUC32.EXE] C:\WINDOWS\SYSTEM\SYSUC32.EXE /s
O4 - HKLM\..\RunServices: [SYSLQ.EXE] C:\WINDOWS\SYSLQ.EXE /s
O4 - HKLM\..\RunServices: [ATLRN.EXE] C:\WINDOWS\ATLRN.EXE /s
O4 - HKLM\..\RunServices: [JAVAAY.EXE] C:\WINDOWS\SYSTEM\JAVAAY.EXE /s
O4 - HKLM\..\RunServices: [ATLSL.EXE] C:\WINDOWS\ATLSL.EXE /s
O4 - HKLM\..\RunServices: [APITD.EXE] C:\WINDOWS\SYSTEM\APITD.EXE /s
O4 - HKLM\..\RunServices: [APPMH.EXE] C:\WINDOWS\APPMH.EXE /s
O4 - HKLM\..\RunServices: [D3MF.EXE] C:\WINDOWS\SYSTEM\D3MF.EXE /s
O4 - HKLM\..\RunServices: [SDKEE.EXE] C:\WINDOWS\SDKEE.EXE /s
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O4 - HKCU\..\RunServices: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\RunServices: [Matrox QuickDesk] C:\Program Files\Matrox MGA PowerDesk\QDesk\mgaqdesk.exe
O13 - WWW. Prefix: http://
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = danzer.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users