Redirected to this https://69.42.87.219/e.html problem

Posted 5/8/2005 5:52 AM
#14424
brain_whisper Member

Hi, I had removed a bunch of spyware and trojans using Ad-aware and Microsoft AntiSpyware. But when I open IE, a new window opens with an advertisement. If the internet is not connected, I can see it is trying to connect to toolbar5.trafficgeneration.biz

I am adding log file generated by Hijackthis.

Please help

Logfile of HijackThis v1.99.1
Scan saved at 1:32:28 AM, on 5/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msdtc.exe
C:\SQLLIB\bin\db2jds.exe
C:\SQLLIB\bin\db2sec.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\HJKThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.google.com"); (C:\Documents and Settings\Sudheer\Application Data\Mozilla\Profiles\default\qu2pq8ye.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Sudheer\Application Data\Mozilla\Profiles\default\qu2pq8ye.slt\prefs.js)
O1 - Hosts: 127.0.1.16 intranet.csb.cgi.ca
O1 - Hosts: 127.0.1.39 edprov.ent.cginet
O1 - Hosts: 127.0.1.32 portal.ent.cgi.ca
O1 - Hosts: 127.0.1.18 intranet.mtl.cgi.ca
O1 - Hosts: 127.0.1.20 www1.qc.cgi.ca
O1 - Hosts: 127.0.1.35 mail3.cwshs.com
O1 - Hosts: 127.0.1.15 www.intranet.cgi.ca
O1 - Hosts: 127.0.1.28 serv-ap01.csb.cginet
O1 - Hosts: 127.0.1.19 intranet.jonq.cgi.ca
O1 - Hosts: 127.0.1.17 intranet.git.cgi.ca
O1 - Hosts: 127.0.1.23 balancedscorecard.ent.cgi.ca
O1 - Hosts: 127.0.1.33 mail1.cwshs.com
O1 - Hosts: 127.0.1.14 maildir.ent.cgi.ca
O1 - Hosts: 127.0.1.12 mail.cgi.ca
O1 - Hosts: 127.0.1.27 serv-ap02.csb.cginet
O1 - Hosts: 127.0.1.22 webmail.cwshs.com
O1 - Hosts: 127.0.1.34 mail2.cwshs.com
O1 - Hosts: 127.0.1.11 security.ent.cginet
O1 - Hosts: 127.0.1.30 pmo.git.cginet
O1 - Hosts: 127.0.1.24 cpc.git.cginet
O1 - Hosts: 127.0.1.25 geo.csb.cgi.ca
O1 - Hosts: 127.0.1.38 gestiondesactifs.git.cginet
O1 - Hosts: 127.0.1.21 www.qc.cgi.ca
O1 - Hosts: 127.0.1.37 test.csb.cgi.ca
O1 - Hosts: 127.0.1.31 psa.ent.cgi.ca
O1 - Hosts: 127.0.1.29 outilscpmf.git.cginet
O1 - Hosts: 127.0.1.36 e-znet.csb.cgi.ca
O1 - Hosts: 127.0.1.13 mail.cgi.com
O1 - Hosts: 127.0.1.26 orgc.cwshs.com
O1 - Hosts: 127.0.1.40 edprov-adm.ent.cginet
O1 - Hosts: 127.0.1.10 fe.wirelessmail.ent.cginet
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 6\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.DLL
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\System32\nsz2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [MoneyStartUp10.0] "c:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [EPSON Stylus CX5400 (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P28 "EPSON Stylus CX5400 (Copy 1)" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [RediffAlerter] C:\Program Files\rediff.com\Alerter\alerter.exe
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MWOL &Dictionary - res://C:\WINDOWS\_MWOLTB.DLL/23/219
O8 - Extra context menu item: MWOL &Thesaurus - res://C:\WINDOWS\_MWOLTB.DLL/23/220
O15 - Trusted Zone: https://*.windowsupdate.microsoft.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: DB2 - DB2 (DB2) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\SQLLIB\bin\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\SQLLIB\bin\db2sec.exe
O23 - Service: DB2 Remote Command (DB2REMOTECMD) - International Business Machines Corporation - C:\SQLLIB\bin\db2rcmd.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceBINSU - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: RadioSvr - Unknown owner - C:\WINDOWS\system32\RadioSvr.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Thank You