Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Help


  • Please log in to reply
3 replies to this topic

#1 rick

rick

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 21 April 2004 - 12:20 PM

Logfile of HijackThis v1.97.7
Scan saved at 9:29:11 AM, on 4/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINNT\system32\winproc32.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
C:\WINNT\system32\mrtMngr.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\RBrower\Desktop\HijackThis.exe
C:\Documents and Settings\RBrower\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2&b=ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2&b=ex
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://4-counter.com/?b=ex
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2&b=ex
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://4-counter.com/?a=2&b=ex
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://4-counter.com/?a=2&b=ex
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://4-counter.com/?a=2&b=ex
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://4-counter.com/?a=2&b=ex
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [Windows Internet Protocol] C:\WINNT\system32\winproc32.exe
O4 - HKCU\..\Run: [rundll32] C:\Documents and Settings\RBrower\rundll32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks 2001 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
O16 - DPF: {401F2F3A-8C56-4736-8C9E-37854F174AC9} (ProjectPoint Document) - https://folders.buzzsaw.com/!/download/...Point-BZ-EN.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8077.2843055556
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft...ols/DoomCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

    Advertisements

Register to Remove


#2 P.T.

P.T.

    Authentic Member

  • Authentic Member
  • PipPip
  • 77 posts
  • Interests:computer stuff, web design, learning something new.

Posted 21 April 2004 - 08:49 PM

You have a variant of(un)coolwebsearch. If you would please download CWShredder from here . Click here to Download CWS. Unzip to desk top and run from there.Click fix not scan. Then reboot. Rerun HiJackThis, post a new HiJackThis log into this thread.

Edited by P.T., 21 April 2004 - 08:57 PM.

Posted Image

What lies behind us and lies before us are small matters compared to what lies within us.
Ralph Waldo Emerson

Computer Rx

#3 rick

rick

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 21 April 2004 - 09:58 PM

Logfile of HijackThis v1.97.7
Scan saved at 8:46:32 PM, on 4/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2001.exe
C:\WINNT\system32\mrtMngr.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Browser Hijack Blaster\bhblaster.exe
C:\Documents and Settings\RBrower\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O15 - Trusted Zone: http://iweb.fultonhomes.com

#4 P.T.

P.T.

    Authentic Member

  • Authentic Member
  • PipPip
  • 77 posts
  • Interests:computer stuff, web design, learning something new.

Posted 22 April 2004 - 06:24 AM

Hello Rick, I would like to know if you've posted a complete HiJackThis log? If not, could you please repost a new one? Have you taken anything out yourself?

Edited by P.T., 22 April 2004 - 06:27 AM.

Posted Image

What lies behind us and lies before us are small matters compared to what lies within us.
Ralph Waldo Emerson

Computer Rx

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users