pccbryan
asked on
Browser Hijack Problems (HiJackThis Log Attaced) Please Help!!!
I have been working on a computer in my office in for a few hours now, and i cannot seem to find what is causeing the problem. Please help.
So, I have run Ad-aware, Spybot S&D, Norton, and CWS Shredder a dozen or so times, and this browser hijack keeps coming back. Now, im am getting pop-ups constantly, but cannot find the file that is causeing the problem.
Here is my hijackthis log. (THis is on a win98 box):
==========================
Logfile of HijackThis v1.99.1
Scan saved at 4:02:22 PM, on 3/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\PROGRAM FILES\REALVNC\WINVNC\WINVN
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\WINDOWS\SYSTEM\KB891711
C:\WINDOWS\SYSTEM\ZONELABS
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY
C:\WINDOWS\SYSTEM\HKCMD.EX
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.E
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EX
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WORDPERFECT OFFICE 11\PROGRAMS\PRINTSERVER110
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\WINDOWS\SYSTEM\SPOOL32.
C:\WINDOWS\SYSTEM\ZSPOOL32
C:\WINDOWS\SYSTEM\PSTORES.
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJ
R0 - HKCU\Software\Microsoft\In
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.ex
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFAL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAM FILES\REALVNC\WINVNC\WINVN
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: PrintServer110.exe.lnk = C:\Program Files\WordPerfect Office 11\Programs\PrintServer110
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
O16 - DPF: {90A29DA5-D020-4B18-8660-6
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-0
O16 - DPF: {62475759-9E84-458E-A1AB-5
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {C3DFA998-A486-11D4-AA25-0
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
O17 - HKLM\System\CCS\Services\V
==========================
Any help would be greatly appreciated.
So, I have run Ad-aware, Spybot S&D, Norton, and CWS Shredder a dozen or so times, and this browser hijack keeps coming back. Now, im am getting pop-ups constantly, but cannot find the file that is causeing the problem.
Here is my hijackthis log. (THis is on a win98 box):
==========================
Logfile of HijackThis v1.99.1
Scan saved at 4:02:22 PM, on 3/14/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32
C:\WINDOWS\SYSTEM\MSGSRV32
C:\WINDOWS\SYSTEM\MPREXE.E
C:\PROGRAM FILES\REALVNC\WINVNC\WINVN
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW
C:\WINDOWS\SYSTEM\MSTASK.E
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\WINDOWS\SYSTEM\KB891711
C:\WINDOWS\SYSTEM\ZONELABS
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\IGFXTRAY
C:\WINDOWS\SYSTEM\HKCMD.EX
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.E
C:\WINDOWS\SYSTEM\SYSTRAY.
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECU
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EX
C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WORDPERFECT OFFICE 11\PROGRAMS\PRINTSERVER110
C:\WINDOWS\SYSTEM\WMIEXE.E
C:\WINDOWS\SYSTEM\SPOOL32.
C:\WINDOWS\SYSTEM\ZSPOOL32
C:\WINDOWS\SYSTEM\PSTORES.
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJ
R0 - HKCU\Software\Microsoft\In
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-0
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\SYSTEM\igfxtray
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM\hkcmd.ex
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFAL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.ex
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPw
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAM FILES\REALVNC\WINVNC\WINVN
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMAN
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Startup: PrintServer110.exe.lnk = C:\Program Files\WordPerfect Office 11\Programs\PrintServer110
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugi
O16 - DPF: {90A29DA5-D020-4B18-8660-6
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-0
O16 - DPF: {62475759-9E84-458E-A1AB-5
O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0
O16 - DPF: {C3DFA998-A486-11D4-AA25-0
O16 - DPF: {72C23FEC-3AF9-48FC-9597-2
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
O17 - HKLM\System\CCS\Services\V
==========================
Any help would be greatly appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.