1
   

Hijack please help...wits end!

Forums: Computers
Email this Topic Print this Page
 
 
todda3
 
Reply Wed 25 Aug, 2004 07:32 pm
Hi...any help you give me would most greatly be appreciated. I followed the step by step tutorial on how to get rid of the trojan coolsearch found here http://www.able2know.com/forums/about21407.html. But I haven't been able to get rid of it after numberous attempts. When I run the internet there appears to be hidden webpages scrolling through various adult sites. Also, I can no longer type: "www.google.com" ... it just takes me to me c drive and a cannot find page. I am really at my wits end. This is my hijack log. Please help! This my hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 9:26:04 PM, on 8/25/2004
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINDOWS\loadqm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\HP Authorized Custom\Application Data\hera.exe
C:\Program Files\Soulseek\slsk.exe
c:\windows\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\telnet.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\hijack this\HijackThis.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://line-plus.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://line-plus.com/sweb/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://line-plus.com/sweb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://line-plus.com/search/
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Snah] C:\Documents and Settings\HP Authorized Custom\Application Data\hera.exe
O4 - HKCU\..\Run: [StartPage] c:\windows\rundll32.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O9 - Extra button: AIM (HKLM)
O13 - DefaultPrefix: http://line-plus.com/p/
O13 - WWW Prefix: http://line-plus.com/p/
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/tttxxsp.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - file://c:\x.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 465 • Replies: 1
No top replies

 
Don77
 
  1  
Reply Thu 26 Aug, 2004 08:35 pm
See this post Here to link to get the, latest version of HJT, CWShredder and Ad-aware.
Download the programs listed above, follow the instructions for installing the new version of HJt into a dedicated folder, remove the older version, also for configuring Ad-awareand running a scan with it, Check CWS for updates and be sure and click on the "fix" button

Please restart HJT put a check next to the following if they still exist, close all open windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://line-plus.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://line-plus.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://line-plus.com/sweb/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://line-plus.com/sweb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://line-plus.com/search/
O4 - HKCU\..\Run: [StartPage] c:\windows\rundll32.exe
O13 - DefaultPrefix: http://line-plus.com/p/
O13 - WWW Prefix: http://line-plus.com/p/
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/tttxxsp.chm::/on-line.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - file://c:\x.cab



Next reboot tosafe mode (by tapping the F8 key on start up)
Rescan again with CWS and Ad-aware same way as above,
Restart your computer,
Scan your system with bitdefender from the link above,
Next
Restart the updated version of HJT and post back a fresh log please
0 Replies
 
 

Related Topics

Super cool computer tricks, for dopes like me. - Discussion by OCCOM BILL
Clone of Micosoft Office - Question by Advocate
Do You Turn Off Your Computer at Night? - Discussion by Phoenix32890
The "Death" of the Computer Mouse - Discussion by Phoenix32890
Windows 10... - Discussion by Region Philbis
Surface Pro 3: What do you think? - Question by neologist
Windows 8 tips thread - Discussion by Wilso
Mac help/can't install new printer, don't remember passwd - Discussion by ossobuco
GOOGLE CHROME - Question by Setanta
.Net and Firefox... - Discussion by gungasnake
Hacking a computer and remote access - Discussion by trying2learn
 
  1. Forums
  2. » Hijack please help...wits end!
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 12/24/2025 at 04:44:45