HijackThis log: totally clueless.

Posted 11/14/2004 10:08 AM
#4746
User avatar

holsapplelj Member

Date Joined Nov 2016
Total Posts: 2
Ok, somehow I have acquired the heretofind.com hijacker. It's not affecting my home page but it won't let me browse other websites. Here is the HijackThis log. I'm totally clueless on what to do now. Can someone please help me get rid of this thing.

Logfile of HijackThis v1.97.7
Scan saved at 4:59:32 AM, on 11/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wpconfig.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\kpqoqd.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
C:\documents and settings\valued customer\local settings\temp\s.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Win Comm\WinComm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\WINDOWS\System32\twink64.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Valued Customer\Application Data\amee.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\Win Comm\WinLock.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YPAGER.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\Valued Customer\Local Settings\Temporary Internet Files\Content.IE5\89QFC9U3\HijackThis[1].exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\autodown.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=120&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.search-exe.com/nph-search.cgi?tcode=exebar1&look=sbar1_srchbtn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.heretofind.com/show.php?id=120&q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=32777
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.search-exe.com/nph-search.cgi?tcode=exesrch1&look=stmpl1&fw=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {0AEE4D0C-4B38-4196-AE32-70ACE5656647} - C:\WINDOWS\System32\winsrm32.dll
O2 - BHO: (no name) - {26BBE190-674F-4910-98C9-06C9F19A64A1} - C:\WINDOWS\System32\ofhjki.dll (file missing)
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
O2 - BHO: Search Help - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Valued Customer\Local Settings\Temp\Jxcz.dll
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - (no file)
O3 - Toolbar: Search Bar - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\Downloaded Program Files\rundlg32.dll
O3 - Toolbar: TheSearchMall.com Bar - {4B8F38C7-62FC-4762-B9A0-27E63F768167} - C:\WINDOWS\System32\winsrm32.dll
O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-544243544243} - C:\WINDOWS\System32\TBC.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [wp_config] wpconfig.exe
O4 - HKLM\..\Run: [zerzvpack2] uzpdate2.exe
O4 - HKLM\..\Run: [REEGRUN] C:\ca.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ubfeorrnj] C:\WINDOWS\System32\kpqoqd.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [s] C:\documents and settings\valued customer\local settings\temp\s.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\Run: [Search-Exe] "C:\Program Files\se\v11\se.EXE" /H
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Comm] C:\Program Files\Win Comm\WinComm.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\twink64.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\RunServices: [wp_config] wpconfig.exe
O4 - HKLM\..\RunServices: [zerzvpack2] uzpdate2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wp_config] wpconfig.exe
O4 - HKCU\..\Run: [MSChoExE] suge.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\Valued Customer\Application Data\amee.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKLM\..\RunOnce: [wp_config] wpconfig.exe
O4 - HKCU\..\RunOnce: [wp_config] wpconfig.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - http://www.heretofind.com/show.php?id=120&q=
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=120&q=
O13 - Home Prefix: http://www.heretofind.com/show.php?id=120&q=
O13 - Mosaic Prefix: http://www.heretofind.com/show.php?id=120&q=
O13 - Gopher Prefix: http://www.heretofind.com/show.php?id=120&q=
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://www.search-and-more.com/clk/130.chm::/file.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=c4b22ccc2604fce1eddde7bc1b05853a942c8f9076eec6a5aa4575c1fbbf031458e511937026819222e4fedad7609572eea12a2ae54ebe5fa2579ae9d9555d:520254c6ae31119456192437fc021adc
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {41D13E9A-BB94-402A-8502-AFA78526B63D} (iiittt Class) - http://www.thesearchmall.com/toolbar/winsrm32.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {A27AD582-5BE5-4C2D-82F0-48B24FE02040} - http://www.adshooter.com/pop_shooter/install/win2000/SYSsfitb.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/installs/yab_af.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
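An added triage helper (not code from the original post, from the forum, or from HijackThis itself) that parses a handful of the entries from the log above, copied into a constructed sample, and flags the patterns a log helper reads first. The O13 prefix entries are the ones that fit the reported symptom: IE prepends that prefix to any bare hostname typed into the address bar, so every site the user types is routed through the hijacker's URL.

```python
import re

# Constructed sample: a handful of entries in the shape of the HijackThis
# log posted above (copied from that post, not the whole log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\spe\start.chm::/start.html#
O2 - BHO: (no name) - {26BBE190-674F-4910-98C9-06C9F19A64A1} - C:\WINDOWS\System32\ofhjki.dll (file missing)
O4 - HKLM\..\Run: [s] C:\documents and settings\valued customer\local settings\temp\s.exe
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
O13 - WWW Prefix: http://www.heretofind.com/show.php?id=120&q=
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/20609/online.chm::/on-line.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


def parse_hjt(text):
    """Return (section_code, body) for each entry line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Flag the entry patterns a log helper checks first. Returns (code, reason, body)."""
    findings = []
    for code, body in entries:
        if code == "O13" and "Prefix:" in body:
            # IE prepends the O13 prefix to anything typed without a scheme,
            # so every bare hostname is routed through that URL: this is the
            # "cannot browse other sites" symptom from the post.
            findings.append((code, "URL prefix hijack", body))
        elif code.startswith("R") and re.search(r"= (mk:|ms-its:|file:)", body):
            findings.append((code, "start/search page points at a local CHM or file", body))
        elif "(file missing)" in body:
            findings.append((code, "orphaned entry: registered component not on disk", body))
        elif code == "O4" and re.search(r"\\temp\\|\\application data\\", body, re.I):
            findings.append((code, "autorun from a user temp/profile directory", body))
        elif code == "O16" and re.search(r"ms-its:|mhtml:", body, re.I):
            findings.append((code, "ActiveX entry delivered through an ms-its/mhtml CHM", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason}: {body}")
```

Entries that are not flagged (the eTrust tray, the Flash control) are left for manual review rather than silently accepted.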
Posted 11/14/2004 11:07 AM
#4751
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
http://windowsupdate.microsoft.com/

Please update HijackThis, or download a new version: http://danborg.org/spy/HJT/hijackthis.exe

Post new log

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/23/2013 4:50 AM
#95014
User avatar

AvonX Valued member

Date Joined Nov 2016
Total Posts: 21
@Touch
"Oh my God, I have never seen so many infections before in one log" :lol:

Touch, do you have any idea if they will update ComboFix for Windows 8?
I mean, if they have any plans to make it compatible with Windows 8.
Posted 1/23/2013 9:50 AM
#95015
User avatar

Robert Mateescu Advanced member

Date Joined Nov 2016
Total Posts: 427
Just a quote from BleepingComputer's website:
'Please be patient while the developer gets CF ready for Windows 8. At this time there is no eta as to when it will be available.'
Robert Mateescu
Senior Support Technician EN
support@bullguard.com
www.bullguard.com

Download the Free Trial version of BullGuard Internet Security

You have a BullGuard related problem? Contact our Support team directly via Live Chat for immediate assistance: http://www.bullguard.com/support.aspx!
Posted 1/23/2013 1:28 PM
#95016
User avatar

AvonX Valued member

Date Joined Nov 2016
Total Posts: 21
"Robert Mateescu" wrote: Just a quote from BleepingComputer's website: <br/>'Please be patient while the developer gets CF ready for Windows 8. At this time there is no eta as to when it will be available.'
<br/> <br/>Thank you Robert for the info.
Posted 1/24/2013 7:29 AM
#95022
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Here is the reason why it has not been released :smile:

"Combofix to Win8 is made, but is currently being detained because too many helpers are not yet familiar with Windows 8 - and subs have an idea that you should know what you are doing."

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 1/24/2013 1:35 PM
#95023
User avatar

AvonX Valued member

Date Joined Nov 2016
Total Posts: 21
@Touch

Well, to me it's not a good reason for not releasing it.
Maybe you have it, Touch, and you are not telling us that you have it? :lol:
By the way, I have tried Qihoo 360 and it sure has some features that I would like to see on BullGuard.
The only problem was that it was in Chinese. :lol: