07-13-2005, 04:26 PM   #3
leyhunter
Registered User
 
Join Date: Jul 2005
Posts: 6
OS: XP Pro


Here are my log files from AboutBuster and HijackThis:

AboutBuster 5.0 reference file 30
Scan started on [7/13/2005] at [6:10:28 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\baabf.log:ubbdui
Removed Stream! C:\WINDOWS\bcwzf.log:qdtxjy
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:mtmiwk
Removed Stream! C:\WINDOWS\bootstat.dat:iemddb
Removed Stream! C:\WINDOWS\clock.avi:dvrcld
Removed Stream! C:\WINDOWS\comsetup.log:vwkhfn
Removed Stream! C:\WINDOWS\CTDV10K2.CDF:hxwmh
Removed Stream! C:\WINDOWS\d3dx.dat:ctahvb
Removed Stream! C:\WINDOWS\dasetup.log:jqdot
Removed Stream! C:\WINDOWS\fahvm.dat:cwqkts
Removed Stream! C:\WINDOWS\foreo.txt:vxbxnu
Removed Stream! C:\WINDOWS\gciap.dat:lizeyq
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:djsjaa
Removed Stream! C:\WINDOWS\Gone Fishing.bmp:fwylqm
Removed Stream! C:\WINDOWS\GTINFO.INI:xxqzko
Removed Stream! C:\WINDOWS\iis6.log:fmgtfn
Removed Stream! C:\WINDOWS\iumax.dat:ymqyzx
Removed Stream! C:\WINDOWS\KB828035.log:rcfvj
Removed Stream! C:\WINDOWS\KB835732.log:tlryrc
Removed Stream! C:\WINDOWS\KB837001.log:wgldld
Removed Stream! C:\WINDOWS\KB839643-DirectX9.log:uvqmah
Removed Stream! C:\WINDOWS\KB839645.log:gdcxsw
Removed Stream! C:\WINDOWS\KB840374.log:lycxf
Removed Stream! C:\WINDOWS\KB841873.log:zevlmh
Removed Stream! C:\WINDOWS\KB887742.log:lcktyn
Removed Stream! C:\WINDOWS\KB888113.log:jzzyp
Removed Stream! C:\WINDOWS\KB890046.log:dcczay
Removed Stream! C:\WINDOWS\KB890047.log:upgtw
Removed Stream! C:\WINDOWS\KB891781.log:ftmicq
Removed Stream! C:\WINDOWS\KB893803.log:nqmweu
Removed Stream! C:\WINDOWS\KB893803v2.log:xtfvet
Removed Stream! C:\WINDOWS\KB896422.log:grwbgx
Removed Stream! C:\WINDOWS\LPT$VPN.923:ujrixt
Removed Stream! C:\WINDOWS\lvawa.log:qjmdos
Removed Stream! C:\WINDOWS\ODBC.INI:socgzi
Removed Stream! C:\WINDOWS\phhhb.log:dpvmts
Removed Stream! C:\WINDOWS\Q815021.log:maktyd
Removed Stream! C:\WINDOWS\Q817287.log:saiid
Removed Stream! C:\WINDOWS\regopt.log:vtltz
Removed Stream! C:\WINDOWS\SBWIN.INI:rkgqny
Removed Stream! C:\WINDOWS\sessmgr.setup.log:jlzwpi
Removed Stream! C:\WINDOWS\sessmgr.setup.log:qjyblz
Removed Stream! C:\WINDOWS\setupapi.log:oignx
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:abzfd
Removed Stream! C:\WINDOWS\spupdsvc.log:enrjda
Removed Stream! C:\WINDOWS\spupdsvc.log:sfnpni
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:kgxdhs
Removed Stream! C:\WINDOWS\SYMEVENT.LOG:wokoxk
Removed Stream! C:\WINDOWS\vb.ini:btelex
Removed Stream! C:\WINDOWS\wmsetup.log:fgpvc
Removed Stream! C:\WINDOWS\yxtqy.dat:otcpgc
Removed Stream! C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-00531102}.CDF:ahpmh
------------------------------------------------
Removed File! : C:\Windows\gwzpb.dll
Removed File! : C:\Windows\jhvhd.dll
Removed File! : C:\Windows\rgdsn.dll
Removed File! : C:\Windows\rhfzn.dll
Removed File! : C:\Windows\untnf.dll
Removed File! : C:\Windows\System32\aiutq.dll
Removed File! : C:\Windows\System32\argds.dat
Removed File! : C:\Windows\System32\ckzkj.dll
Removed File! : C:\Windows\System32\yfetv.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:11:21 PM


====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 6/3/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 6:25:41 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\ntji32.exe
C:\WINDOWS\system32\cruj32.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\$NtServicePackUninstall$\notepad.exe
C:\Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iwon.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DC73983B-D030-AD00-8DD5-12322CEA9002} - C:\WINDOWS\atlqm32.dll
O2 - BHO: Class - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - C:\WINDOWS\ntzz32.dll
O2 - BHO: Class - {F81F861E-BD6D-4CF2-2AC2-69DCF3E68324} - C:\WINDOWS\system32\atlok.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_x63b8e1\printray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ntji32.exe] C:\WINDOWS\system32\ntji32.exe
O4 - HKLM\..\RunOnce: [netcr.exe] C:\WINDOWS\system32\netcr.exe
O4 - HKLM\..\RunOnce: [apift32.exe] C:\WINDOWS\system32\apift32.exe
O4 - HKLM\..\RunOnce: [crrz32.exe] C:\WINDOWS\crrz32.exe
O4 - HKLM\..\RunOnce: [javaop32.exe] C:\WINDOWS\javaop32.exe
O4 - HKLM\..\RunOnce: [cruj32.exe] C:\WINDOWS\system32\cruj32.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5B61ECA-6052-4A3F-88F9-D39ADAA280EE}: NameServer = 192.168.1.1
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\netcr.exe" /s (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE


End of KRC HijackThis Analyzer Log.
====================================================================