pccbryan
asked on
Browser Hijack Problems (HiJackThis Log Attached) Please Help!!!
I have been working on a computer in my office for a few hours now, and I cannot seem to find what is causing the problem. Please help.
So, I have run Ad-aware, Spybot S&D, Norton, and CWS Shredder a dozen or so times, and this browser hijack keeps coming back. Now, I am getting pop-ups constantly, but cannot find the file that is causing the problem.
Here is my HijackThis log. (This is on a Win98 box):
==========================================================
Logfile of HijackThis v1.99.1
Scan saved at 4:02:22 PM, on 3/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM\HKCMD.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WORDPERFECT OFFICE 11\PROGRAMS\PRINTSERVER110.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\ZSPOOL32.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE" -service
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95.exe -w3svc
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: PrintServer110.exe.lnk = C:\Program Files\WordPerfect Office 11\Programs\PrintServer110.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.143/code/PWActiveXImgCtl.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/190c97011e49f32efb15/netzip/RdxIE601.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://vocusevents.webex.com/client/latest/event/ieatgpc.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/live/code/IE_1070/DownloadManager.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.254
==========================================================
Any help would be greatly appreciated.