Logfile of HijackThis v1.99.1 - drcpr
This log looks clean. However, you may want to remove the following entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = website: education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = website: red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*website: yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = website: red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*website: yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = website: red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*website: my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = website: channels.aimtoday.com/search/aimtoolbar.jsp
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
Also remember NOT to run hijackthis.exe inside the zip file. Unzip (extract) it to your desktop, then double-click on the "HijackThis.exe" icon; in this way a backup for the removed key will be created on your desktop (useful if you remove them wrongly).
Scan saved at 6:40:43 AM, on 4/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Candy\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = website: education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = website: red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*website: yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = website: red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*website: yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = website: red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*website: my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = website: channels.aimtoday.com/search/aimtoolbar.jsp
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - website: security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - website: a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - website: security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe