Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HiJackTHis log posted - Plz help


  • This topic is locked This topic is locked
8 replies to this topic

#1 fivestar

fivestar

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 22 June 2004 - 01:09 PM

Hey, was wondering if someone can take a look at my hijackthis log and help me out. My desktop background has been changed, and I can't change it back. Also getting redirected webpages. Here;s my log:
Thanks for the help!
Adam

-----------------------------------------------------------------------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 1:53:27 PM, on 6/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Roxio\WinOnCD\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
D:\SpyFerret\SFerret.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\usr.USR-V48X8KB7KHH\Local Settings\Temp\Temporary Directory 6 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\downloaded games\nimo\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\WinOnCD\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM)
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quartz.atkinson.yorku.ca/qp2.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8052.5431712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:02 PM

Posted 22 June 2004 - 02:05 PM

I do not see anything wrong. Did you install quicktime into the downloaded games folder?

O4 - HKLM\..\Run: [QuickTime Task] "D:\downloaded games\nimo\qttask.exe" -atboottime

?

#3 fivestar

fivestar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 22 June 2004 - 02:17 PM

Yup, that was installed there. My desktop background seems to be that of a web page, saying Danger ... spyware removal click here. I cannot get rid of this or put back a normal background. Do you have any idea or possible solutions?
Thanks for your time!
Adam

Edited by fivestar, 22 June 2004 - 02:17 PM.


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:02 PM

Posted 22 June 2004 - 02:49 PM

Close all open windows, and right click on an empty portion of your desktop.

Left click on properties, and click on the desktop tab. Then click customize and then web.

Tell me how you have that setup

#5 fivestar

fivestar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 22 June 2004 - 03:31 PM

I just found another way around getting my desktop background back to normal, in fact there wasn't even any empty portion on the desktop. However everything seems to be normal again and my setup of display properties after going to desktop, customize and web; neither of my current home page or lock desktop item boxes are checked. Is there anything I should do regarding that setup?
Thanks a lot Grinler, I truly appreciate you going through all of this with me
Adam

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:02 PM

Posted 22 June 2004 - 04:52 PM

Nope leave those alone. What was it you did to fix the problem?

#7 fivestar

fivestar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 23 June 2004 - 10:01 AM

After trying everything, with nothing actually working, I just decided to create a new user account. In the case of something like this happening again, what would I do with my desktop properties???
Thanks
Adam

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:02 PM

Posted 23 June 2004 - 11:11 AM

Not sure to be honest. We would have dug deeper to see what we can find.

#9 fivestar

fivestar
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:07:02 PM

Posted 23 June 2004 - 12:19 PM

Just wanna thank Grinler for taking the time to help me solve my problem!
Thanks man :thumbsup:
Adam




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users