It is currently Wed Nov 21, 2018 8:45 am


need help with browser

Discuss security related topics in here (Hacking, Cracking, and Protecting)
Do not post HJT Logs here

Moderator: PCguy

need help with browser

Postby effect » Sun May 23, 2004 10:43 pm

I'm currently at my fathers home - his browser is really messed up...

It won't close without ctrl + alt + del - ending iexplore
It will just make the windows beap noice when you try to close it... I'm thinking it's a hijack so I got the log file all ready to go.. Also it's running extremely slow! I ran spyware programs like ad aware - so most of it is gone i will try some of the others that i have seen in recent posts...

here is the log

Logfile of HijackThis v1.97.7
Scan saved at 4:33:57 PM, on 5/23/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mueller.NORTHGATE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dcelgq.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {54ED9B49-81D1-4866-95A6-30F01DE0047E} - c:\winnt\iexplorr29.dll
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - c:\winnt\iexplorr26.dll
O2 - BHO: (no name) - {94326E3F-F51F-4863-A832-4ACD0D7D4BC3} - c:\winnt\iexplorr27.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5D9230C3-459E-4760-9668-2004F07B56E2} - (no file)
O3 - Toolbar: (no name) - {811FF8D1-473E-4671-897B-419826F4D431} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKCU\..\Run: [PopUpStopperCompanion] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSComp.exe"
O4 - Startup: Norton Disk Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/p ... der_v5.cab

hope i can get some help soon :} - thanks in advance
User avatar
effect
Newbie
Newbie
 
Posts: 7
Joined: Fri Apr 02, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby effect » Mon May 24, 2004 6:34 am

hey i got it - the things wrong were pretty obvious i have had a few of these problems before
User avatar
effect
Newbie
Newbie
 
Posts: 7
Joined: Fri Apr 02, 2004 1:00 am

Thanks given:0
Thanks received:0
Top

Postby liljim » Mon May 24, 2004 6:43 am

If you have made some changes you may want to post a new log,you definatly have some problems that are most likely still there.
User avatar
liljim
Moderator
Moderator
 
Posts: 3017
Joined: Mon Mar 03, 2003 1:00 am
Location: Louisiana
Operating System: Win 7 Home Premium X64

Thanks given:0
Thanks received:12
Top

Postby brad » Mon May 24, 2004 2:07 pm

Try the following if you haven't already done so:

Turn off System Restore. (Turn it back on after this is repaired and you've rebooted.) Close all other open Windows and have HiJackThis Fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dcelgq.t.rack.cc/hp.php (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dcelgq.t.rack.cc/sp.php (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {54ED9B49-81D1-4866-95A6-30F01DE0047E} - c:\winnt\iexplorr29.dll
O2 - BHO: (no name) - {90E34F98-E3E6-4CD7-A592-E964FED8AF78} - c:\winnt\iexplorr26.dll
O2 - BHO: (no name) - {94326E3F-F51F-4863-A832-4ACD0D7D4BC3} - c:\winnt\iexplorr27.dll
O3 - Toolbar: (no name) - {5D9230C3-459E-4760-9668-2004F07B56E2} - (no file)
O3 - Toolbar: (no name) - {811FF8D1-473E-4671-897B-419826F4D431} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)

Now delete these Folders or Files (You may need enable "Show all Files" and disable "Hide System Files" in Windows Explorer / Tools / Folder Options / View Tab) that are Highlighted then empty your "Recycle Bin" and reboot: (You may have to boot to "Safe Mode" in order to delete some Files/Folders)

c:\winnt\iexplorr29.dll
c:\winnt\iexplorr26.dll
c:\winnt\iexplorr27.dll

brad
"Duty is a matter of the mind. Commitment is a matter of the heart".
brad
Geek Alumni
 
Posts: 2079
Joined: Sat Jul 19, 2003 1:00 am
Location: Charlotte, NC

Thanks given:0
Thanks received:0
Top


Return to Security

Who is online

Users browsing this forum: No registered users and 2 guests

cron