Hijack This - Web Browser hijacking and Hijack log help

JHAM5325 · August 27, 2004

My web browser has been hijacked by full search biz and I can't seem to get rid of it. I have run ad aware, scanned my disk, ran disk cleanup, etc. Then I installed and ran Hijack This. I deleted the five search biz files that showed up on Hijack, thinking I had the problem solved, but when I reboot there is the old fulll search biz on my browser. Here is the Hijack log. (This is after I deleted the five search biz files.)Please help.

What can I get rid of without messing up my system:

Thanks....Jackie

Logfile of HijackThis v1.98.2

Scan saved at 6:01:33 AM, on 8/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\avmon.exe

C:\WINDOWS\System32\service.exe

C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Program Files\America Online 9.0a\waol.exe

C:\Program Files\America Online 9.0a\shellmon.exe

C:\Program Files\Common Files\Aol\aoltpspd.exe

C:\Documents and Settings\Owner\Desktop\Hijack\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avc] C:\WINDOWS\System32\avmon.exe

O4 - HKLM\..\Run: [systrans] C:\WINDOWS\System32\service.exe

O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\RunServices: [systrans] C:\WINDOWS\System32\service.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [systrans] C:\WINDOWS\System32\service.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Forget Me Not.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{1540C987-EEBF-4724-9B3D-50A21DC80984}: NameServer = 205.188.146.146

O17 - HKLM\System\CS1\Services\Tcpip\..\{1540C987-EEBF-4724-9B3D-50A21DC80984}: NameServer = 205.188.146.146

:x

Sampson · August 27, 2004

Download BHODemon: http://pcworld.com/downloads/file_description/0,fid,23611,00.asp (if you already haven't) Install it and run it. Get rid of browser helpers that you do not recognize. Don't worry about Acrobat or Google toolbars. The suspicious file seems to be avmon.exe

Then, download Mozilla Firefox and start using it as your browser to surf with. It is not as susceptible as IE.

Sign In

Hijack This - Web Browser hijacking and Hijack log help

Recommended Posts

JHAM5325 0

Share this post

Link to post

Sampson 0

Share this post

Link to post

Please sign in to comment

Browse

Activity