
Logfile of HijackThis v1.97.7 - Bird47


Scan saved at 6:48:36 PM, on 1/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\USB Storage RW\shwicon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Documents and Settings\Administrator\Desktop\misc\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C61DD882-7B7D-4ECE-9D4D-68E13EC9BB6E} - C:\WINDOWS\system32\pjbj.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ConferenceRoom Java Client - http://mail.igl.net:8000/java/cr.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101691925234
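The log above is posted without commentary, so here is an added example (the editor's own code, not from the original poster and not part of HijackThis) showing how the entries that matter in such a log can be picked out mechanically. It parses HijackThis R/O lines and flags four patterns that are visible in this log: a search page served as a res:// URL from a DLL in a Temp directory, search settings reset to about:blank, a BHO with no registered name and a short random filename sitting in system32, and IE policy restrictions being present. These heuristics are assumptions of the example, not rules from the tool; the sample lines are a constructed subset copied from the log above, with benign vendor entries included so that the heuristics can be shown not to fire on them.

```python
"""Heuristic triage of HijackThis log lines.

Added example, not part of the original post. The heuristics below are the
editor's own assumptions about what usually separates a hijacker entry from
vendor software in a HijackThis log; they are not HijackThis rules.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the log above, mixing the suspicious entries
# with benign vendor entries (Norton, Google, Symantec, Windows Update) that
# must not be flagged.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sp.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C61DD882-7B7D-4ECE-9D4D-68E13EC9BB6E} - C:\WINDOWS\system32\pjbj.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab
"""

# One HijackThis entry: section code (R0, O2, O16, ...), a dash, then the body.
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d{1,2}) - (?P<body>.+)$")
# A res:// URL whose DLL path passes through a Temp directory (8.3 short names included).
RES_TEMP_RE = re.compile(r"res://[^/]*\\temp\\[^/]*", re.IGNORECASE)
# O2 body: BHO name, CLSID in braces, path to the DLL/OCX.
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
# A DLL with a short, meaningless, letters-only name dropped straight into system32.
RANDOM_SYS32_DLL_RE = re.compile(r"\\system32\\[a-z]{4,8}\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text: str):
    """Yield (section, body) for every R/F/O line; header and process list are skipped."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m["sec"], m["body"]


def triage(text: str):
    """Return the entries matching one of the hijack heuristics, in log order."""
    findings = []
    for sec, body in parse_entries(text):
        if sec in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if RES_TEMP_RE.search(value):
                findings.append(Finding(sec, "search/start page served from a DLL in a Temp directory", body))
            elif "search" in key.lower() and value.strip().lower() == "about:blank":
                findings.append(Finding(sec, "search setting blanked out", body))
        elif sec == "O2":
            m = BHO_RE.match(body)
            # "(no name)" alone is not a signal: the Adobe and Google BHOs in this
            # log show it too. The deciding factor is an unnamed BHO whose file
            # has a random name and lives in system32 rather than a vendor folder.
            if m and m["name"] == "(no name)" and RANDOM_SYS32_DLL_RE.search(m["path"]):
                findings.append(Finding(sec, "unnamed BHO with random filename in system32", body))
        elif sec == "O6" and "Restrictions present" in body:
            # Policy restrictions lock IE settings; hijackers set them to keep the
            # victim from changing the home/search page back, but an administrator
            # or domain policy can set them legitimately, so confirm before removing.
            findings.append(Finding(sec, "IE policy restrictions present", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.line}")
```

Run against the sample, the script reports the two R1 search entries, the system32 BHO and the O6 restrictions entry, and stays silent on the Norton, Google, Symantec and Windows Update lines. It is a triage aid only: a hit tells you which lines to look at first, not what the file is, so the flagged DLL should still be submitted to a scanner or examined before anything is deleted.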