
Highjacklog - Adware-coolwebsearch



#1 jogger

  • Members
  • 1 posts

Posted 10 August 2006 - 09:57 AM

Please take a look and help a newbie....

Logfile of HijackThis v1.99.1
Scan saved at 10:30:46 AM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\WS_FTP Pro\ftpsched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\javaih32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell\Bluetooth Software\BTTray.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\crlk32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\Dell\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Documents and Settings\jduffy.RODGARD\Desktop\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {010A99FA-9882-49E3-F544-44129592A646} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CDC00C3-C698-7F19-22CE-1041D267AD05} - (no file)
O2 - BHO: (no name) - {1323364A-6290-C22E-760E-ABFCF4445116} - (no file)
O2 - BHO: (no name) - {137FBD76-C94E-29D8-CB88-FB29E07E3C8E} - (no file)
O2 - BHO: (no name) - {161F52CD-4121-1BCC-F50E-B9146F3AC521} - (no file)
O2 - BHO: (no name) - {32A6B01D-983B-8AF2-A16D-062280B34476} - (no file)
O2 - BHO: (no name) - {369847CF-6C33-1F19-CDB0-702AB6C96489} - (no file)
O2 - BHO: (no name) - {37E0589F-FCBA-2846-8D7A-5BCF4B64B27D} - (no file)
O2 - BHO: (no name) - {3C0C175E-A970-3203-8173-2907F58C423E} - (no file)
O2 - BHO: (no name) - {3C5C5913-3184-9CE4-7A8D-2A7FC8EC1538} - (no file)
O2 - BHO: (no name) - {424ECF3F-0AA2-ED97-35AB-180E7F0F8EB4} - (no file)
O2 - BHO: (no name) - {4574EC09-FC66-92F0-4F9B-EE57CF1967DC} - (no file)
O2 - BHO: (no name) - {4D77B656-3929-8E8D-2C15-42407E685FFA} - (no file)
O2 - BHO: (no name) - {5874F8D0-E3AD-83A1-3957-B52E1289B231} - (no file)
O2 - BHO: (no name) - {5E8BA5AA-42CF-368F-88E1-1CDF46D25744} - (no file)
O2 - BHO: (no name) - {63AE9940-50A7-C986-86C8-C4559E176236} - (no file)
O2 - BHO: (no name) - {66F47A0F-B4AA-B23E-011C-BD3F255CFC72} - (no file)
O2 - BHO: (no name) - {6A5F28A5-827C-761A-6513-E7B61EAB7604} - (no file)
O2 - BHO: Class - {739621F9-67C3-6C65-8698-3424E2F1ED8C} - C:\WINDOWS\sdkir32.dll
O2 - BHO: (no name) - {7594CDB2-2B4E-236B-7B83-0CBAB9BF454F} - (no file)
O2 - BHO: (no name) - {78BD3F6B-9103-0C2E-C7D6-50C173A56B10} - (no file)
O2 - BHO: (no name) - {881BA929-1EE9-A959-CD07-026010FBF43B} - (no file)
O2 - BHO: (no name) - {8A1521DC-007D-7FD6-3EAC-277D80B4130E} - (no file)
O2 - BHO: (no name) - {99E0B23D-A95C-D9EE-CAF3-1F57FBD4D83D} - (no file)
O2 - BHO: (no name) - {9FA0B55C-2A73-0C09-6ACA-4277ABFA12BD} - (no file)
O2 - BHO: (no name) - {AB0883F4-C8BA-BD22-5D81-C51538D04FAF} - (no file)
O2 - BHO: (no name) - {AC50F23D-F99D-EE5A-71F2-ABCB913DE13A} - (no file)
O2 - BHO: (no name) - {AF788EC7-C67D-57FE-2FD3-6EC5D983BABF} - (no file)
O2 - BHO: (no name) - {BD4BD4BF-792A-00AE-4757-C53BDB4E22C1} - (no file)
O2 - BHO: (no name) - {C06E9293-E087-04C9-F3FF-87898452B262} - (no file)
O2 - BHO: (no name) - {C5844CBD-D015-394D-8C9A-B52CFEA94E45} - (no file)
O2 - BHO: (no name) - {C5B3F192-ABCE-2822-DCF4-FB06321A24FE} - (no file)
O2 - BHO: (no name) - {D0FA4573-5875-8801-7435-2625AB6EFC42} - (no file)
O2 - BHO: (no name) - {E3AEAC49-3143-318F-BE0C-F3ADBF1F53EA} - (no file)
O2 - BHO: (no name) - {E5F263EB-855A-1A55-F1D3-D540309CB7A0} - (no file)
O2 - BHO: (no name) - {EE89B29C-F8C2-66F5-411D-F327091DBEE2} - (no file)
O2 - BHO: (no name) - {F1C42DB1-6A20-CE33-C14A-D483F27B1A0D} - (no file)
O2 - BHO: (no name) - {F74D5213-8A18-F9CF-E487-AA203A37CEB8} - (no file)
O2 - BHO: (no name) - {FC4EA8BD-8171-9662-4040-64A8C42AAE7C} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [atlax.exe] C:\WINDOWS\atlax.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ieuz.exe] C:\WINDOWS\ieuz.exe
O4 - HKLM\..\Run: [ntdg32.exe] C:\WINDOWS\ntdg32.exe
O4 - HKLM\..\Run: [atlhx32.exe] C:\WINDOWS\atlhx32.exe
O4 - HKLM\..\Run: [winqo32.exe] C:\WINDOWS\winqo32.exe
O4 - HKLM\..\Run: [ntki.exe] C:\WINDOWS\ntki.exe
O4 - HKLM\..\Run: [iedg.exe] C:\WINDOWS\system32\iedg.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [atlye.exe] C:\WINDOWS\system32\atlye.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [javaih32.exe] C:\WINDOWS\javaih32.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Common Files\Scanner\ppclean.exe" "clean" "cws" "2"
O4 - HKLM\..\RunOnce: [crob.exe] C:\WINDOWS\crob.exe
O4 - HKLM\..\RunOnce: [crlk32.exe] C:\WINDOWS\system32\crlk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Dell\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...own&unknown
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152183959517
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rodgard.local
O17 - HKLM\Software\..\Telephony: DomainName = rodgard.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D81E2DA-AB0A-4DB6-9E06-8DD8694B5B52}: NameServer = 151.202.0.84,199.45.32.43
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rodgard.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Dell\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP Pro\ftpsched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
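As an added example (not from this thread, and not code from HijackThis), a small Python triage script that parses O2 and O4 lines in the format above and flags the patterns visible in this log: BHO registrations with no file on disk, and Run/RunOnce entries pointing at loose, unrecognised executables directly in the Windows directory. The sample lines are copied from the log above; the allowlist of known-good names is my assumption, seeded from entries in this log that have a known vendor and an expected location.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a few entries copied from the HijackThis log above,
# including legitimate ones (igfxtray, ctfmon, Acrobat) for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {010A99FA-9882-49E3-F544-44129592A646} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {739621F9-67C3-6C65-8698-3424E2F1ED8C} - C:\WINDOWS\sdkir32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [atlax.exe] C:\WINDOWS\atlax.exe
O4 - HKLM\..\Run: [iedg.exe] C:\WINDOWS\system32\iedg.exe
O4 - HKLM\..\RunOnce: [crlk32.exe] C:\WINDOWS\system32\crlk32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
# Assumed allowlist: Windows/OEM binaries that legitimately live loose in the Windows dir.
KNOWN_GOOD = {"igfxtray.exe", "hkcmd.exe", "ctfmon.exe", "dsentry.exe", "bacstray.exe"}
WINDIR_RE = re.compile(r"^c:\\windows(\\system32)?\\([^\\]+)$", re.I)
O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-F-]+)\} - (.*)$")
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")

@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)

def check_target(target: str, reasons: list) -> None:
    """Flag a file that sits directly in C:\\WINDOWS or system32 under an unknown name."""
    m = WINDIR_RE.match(target.strip('"'))
    if m and m.group(2).lower() not in KNOWN_GOOD:
        reasons.append("unrecognised file directly in Windows directory")

def triage(log_text: str) -> list:
    findings = []
    for line in log_text.strip().splitlines():
        reasons = []
        if (m := O2_RE.match(line)):
            name, _guid, target = m.groups()
            if target == "(no file)":
                reasons.append("orphaned BHO registration (no file on disk)")
            elif name in ("(no name)", "Class"):
                reasons.append("BHO with no meaningful name")
            check_target(target, reasons)
        elif (m := O4_RE.match(line)):
            _hive, _key, value_name, target = m.groups()
            # Value named after its own exe is common in this log; skip allowlisted names
            if value_name.lower().endswith(".exe") and value_name.lower() not in KNOWN_GOOD:
                reasons.append("Run value named after its own executable")
            check_target(target, reasons)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line, "\n  ->", "; ".join(f.reasons))
```

The heuristics only prioritise lines for a human to check; a name absent from the allowlist is not proof of malware, and the allowlist must be extended per machine.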


#2 pomp

    Malware Fighter


  • Members
  • 362 posts
  • Gender:Male
  • Location:Jersey Shore

Posted 10 August 2006 - 11:49 AM

Please download AboutBuster.
  • Double click the AboutBuster folder, then double click the AboutBuster.exe inside.
  • Click "Extract all" in the box that pops up, then "Next".
  • Choose the location you would like to install AboutBuster, such as My Documents.
  • Make sure "Show extracted files" is checked, then click "Finish".
  • Reboot to safe mode by continually tapping the F8 key as the computer begins to boot.
  • Open AboutBuster and click the "Begin Removal" button. It will shut down all Explorer windows (if open) while it works.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into normal mode.
  • Please post the logfile from AboutBuster.

Edited by pomp, 10 August 2006 - 11:52 AM.


My help in removing spyware is free, but if you'd like to donate: Donate



PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD


#3 pomp

    Malware Fighter


  • Members
  • 362 posts
  • Gender:Male
  • Location:Jersey Shore

Posted 25 August 2006 - 09:23 AM

Due to inactivity, this topic is now closed.
If you need it reopened please contact a moderator with a link to this thread to reopen it.
Everyone else start a new topic.
