Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Shakabpa

8 Posts

2246

August 14th, 2004 19:00

Help w/ new browserhijack/spyware problems

Another attempt to download spyware was made on my computer.  Here's the latest Hijack This Log.  Any advice?

Logfile of HijackThis v1.98.1
Scan saved at 1:23:57 PM, on 8/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Microsoft® JavaScript® Console - {065DAB73-3786-4CDE-A925-4AE6C3DACB3A} - (no file)
O9 - Extra 'Tools' menuitem: JavaScript Console - {065DAB73-3786-4CDE-A925-4AE6C3DACB3A} - (no file)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft® JavaScript® Console - {065DAB73-3786-4CDE-A925-4AE6C3DACB3A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {065DAB73-3786-4CDE-A925-4AE6C3DACB3A} - (no file) (HKCU)
O9 - Extra button: (no name) - {869EE607-5376-486d-8DAC-EDC8E239AD5F} - (no file) (HKCU)
O15 - Trusted Zone: www.hotmail.com
O15 - Trusted Zone: www.mail.com
O15 - Trusted Zone: http://login.passport.net
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak02.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.9.0.0.2.cab

 

jwatt

4.4K Posts

August 14th, 2004 22:00

Shakabpa,

Your version of HijackThis isn't current. You can download the current version, 1.98.2, here.

When you've downloaded the new version, you should install HijackThis into a new folder, such as C:\HJT. Your current copy is in C:\.

You may wish to register at TomCoyote.org and post your log in the Virus and Trojan Removals board at TomCoyote.org for review by certified volunteer experts. Be sure describe the problem you're experiencing.

Other forums specializing in assisting with spyware/malware problems:

SpywareInfo.com
Net-Integration.net

Please see this post by ChrisRLG for more information.

Jim

Message Edited by jimw on 08-14-2004 04:47 PM

cghost

302 Posts

August 19th, 2004 20:00

Shakabpa

8 Posts

August 20th, 2004 01:00

I posted at tom coyote but never got any responses.  Can anyone here help?  I seem to still be having some problems.  I ran Hijack This again but the log is the same as the one originall posted.  Thanks.

Was this post helpful?

View All

No Events found!

Top