Hijacked By Every Tom, Dick & Harry Out There! He

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

Hijacked By Every Tom, Dick & Harry Out There! He

Options

doxiegirl View Member Profile	Sep 6 2004, 02:09 PM Post #1
New Member Group: Authentic Member Posts: 12 Joined: 5-April 04 Member No.: 3,814	Logfile of HijackThis v1.97.7 Scan saved at 4:06:06 PM, on 9/6/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Dell\AccessDirect\DadTray.exe C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common files\WinTools\WToolsA.exe C:\Program Files\earthlinkim\aim.exe C:\Program Files\Kontiki\bin\kontiki.exe C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE C:\Program Files\Common files\WinTools\WToolsS.exe C:\Program Files\Common files\WinTools\WSup.exe C:\WINDOWS\DvzCommon\DvzMsgr.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\scthemes\scthemes.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Missy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [Dell\|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE O4 - HKCU\..\Run: [IM] C:\Program Files\earthlinkim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Startup: PowerReg SchedulerV2.exe O4 - Startup: ScreenThemes.lnk = C:\Program Files\scthemes\scthemes.exe O4 - Startup: Update Grokster.lnk = ? O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201 O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Instant Messenger (SM) (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://63.102.227.121:8005/Java/cfs31235.cab O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2B7BD3-1961-42CB-BD3F-8B7221FA022B}: NameServer = 207.217.120.83,207.69.188.185 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D8D13D-89AA-43EE-8BBC-A0674FFEF614}: NameServer = 207.217.126.81 207.217.77.82

Posts in this topic

doxiegirl Hijacked By Every Tom, Dick & Harry Out There! He Sep 6 2004, 02:09 PM

shelf life hello doxiegirl, first could you move HJt to its ... Sep 6 2004, 03:43 PM

doxiegirl thanks shelf life. what were you saying to look... Sep 6 2004, 06:18 PM

shelf life hello doxiegirl, see this about the free version ... Sep 6 2004, 07:17 PM

doxiegirl shelf life...i still can't see what you were s... Sep 7 2004, 05:53 AM

doxiegirl shelf life...i still can't see what you were s... Sep 7 2004, 05:54 AM

doxiegirl shelf life - I now see the links for the grokster ... Sep 7 2004, 10:52 AM

shelf life hello doxiegirl, yes, should uninstall from the a... Sep 7 2004, 12:29 PM

doxiegirl hi shelf life - grokster successfully uninstalle... Sep 7 2004, 09:34 PM

shelf life hello again, what, not done yet: run HJT again a... Sep 8 2004, 08:03 PM

doxiegirl one more time...here it is. thanks! dg Logfi... Sep 8 2004, 08:58 PM

doxiegirl I am *still* being hijacked by something - i'm... Sep 9 2004, 10:28 AM

shelf life hello doxiegirl, did you ever get ad-aware? if no... Sep 9 2004, 05:32 PM

doxiegirl hi shelf life - i ran ad-aware (again) - for som... Sep 10 2004, 06:00 AM

doxiegirl hi shelf life - i ran ad-aware (again) - for som... Sep 10 2004, 06:01 AM

shelf life hello doxiegirl, try to run the VX2 plugin while ... Sep 10 2004, 01:38 PM

doxiegirl okay - hopefully removed look2me! here... Sep 10 2004, 09:20 PM

shelf life hello doxiegirl, good work! you had some nast... Sep 11 2004, 04:26 PM

doxiegirl shelf life - here's one last log. i don... Sep 11 2004, 10:28 PM

shelf life hello doxiegirl, sorry for delay, latest log look... Sep 13 2004, 08:29 PM

ChrisRLG Glad we could be of assistance. This topic is now ... Sep 15 2004, 06:55 AM

« Next Oldest · Infections Removal · Next Newest »

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Closed] my yahoo mail address hijacked	2	davemcl	205	11th January 2010 - 05:08 PM Last post by: LDTate
Infections Removal [Resolved] Yahoo messenger hijacked	29	terryfelter	666	7th January 2010 - 12:34 PM Last post by: CatByte
Infections Removal [Resolved] Browser Hijacked	21	l3x	812	7th January 2010 - 12:26 PM Last post by: CatByte
Infections Removal [Resolved] hijacked agan	6	miller2644	295	28th December 2009 - 04:58 PM Last post by: LDTate