Follow-up Log file
Logfile of HijackThis v1.97.7
Scan saved at 10:00:06 AM, on 10/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINNT\System32\CTHELPER.EXE
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\WINNT\System32\fgfjvzx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\system32\gearsec.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay´s Toy\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = website: websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=12.242.19.9:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 12.242.19.9
F0 - system.ini: Shell=Explorer.exe C:\WINNT\System32\System32.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\System32\System32.exe
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINNT\multimpp.dll
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINNT\systb.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control