Sep 6 2004, 02:09 PM, Post #1 (New Member, Group: Authentic Member, Posts: 12, Joined: 5-April 04, Member No.: 3,814)
```
Logfile of HijackThis v1.97.7
Scan saved at 4:06:06 PM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\earthlinkim\aim.exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\scthemes\scthemes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Missy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKCU\..\Run: [IM] C:\Program Files\earthlinkim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: ScreenThemes.lnk = C:\Program Files\scthemes\scthemes.exe
O4 - Startup: Update Grokster.lnk = ?
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Instant Messenger (SM) (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://63.102.227.121:8005/Java/cfs31235.cab
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2B7BD3-1961-42CB-BD3F-8B7221FA022B}: NameServer = 207.217.120.83,207.69.188.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D8D13D-89AA-43EE-8BBC-A0674FFEF614}: NameServer = 207.217.126.81 207.217.77.82
```
Sep 6 2004, 07:17 PM, Post #2 (SuperMember, Group: Malware Expert, Posts: 3,181, Joined: 15-May 04, From: @localhost, Member No.: 6,820, Operating System: Debian, Windows)
hello doxiegirl,

see this about the free version of Grokster: http://www.grokster.com/us/privacy/ads.html

i missed one, look in add/remove panel and uninstall Kontiki

next download (but don't run it yet) LSPfix from: http://www.cexx.org/lspfix.htm

now run HJT and have it fix these:

```
R3 - Default URLSearchHook is missing
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
```

these are optional fixes for HJT (not malware, but not needed):

```
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg SchedulerV2.exe
```

------------------------------------------------------------------------------------------------

reboot then run LSPfix.

Directions for LSPfix: make sure you click the "I know what I'm doing" button. Select >>inetadpt.dll<< and, using the right-pointing 'arrows', move all instances of inetadpt.dll it mentions and >nothing else< to the Remove side but leave everything else (it might already be over there when you open LSPFix). Click the 'Finished' button (if you exit with the X at top right nothing happens).

------------------------------------------------------------------------------------------------

also suggest ad-aware (free): http://www.lavasoft.de/

to configure ad aware: click on "Check For Updates Now", download updates.

Next:
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine: check "Unload recognized processes during scanning."
- Scanning > activate these: "Scan within archives", "Scan active processes", "Scan registry", "Deep scan registry", "Scan my IE Favorites for banned sites" and "Scan my Hosts file"
- Tweaks > Cleaning Engine: activate these: "Automatically try to unregister objects prior to deletion" and "Let Windows remove files in use after reboot."
- Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives... It will find a number of "bad" files and registry keys. Click 'Next' again. Right-click in that pane and choose "select all". If it finds "bad" files and registry keys, press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK. Finally, close Ad-Aware, and reboot.

afterwards post a new HJT log.
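An added example, not from this thread and not HijackThis's own logic: a small Python triage script that reads a HijackThis log and flags the kinds of entries shelf life singled out above (IE search settings pointing off-site, hosts-file redirects, the repeated unknown Winsock LSP module, and entries loading from the WinTools/Kontiki/VBouncer folders). The rule set, the folder list and the sample lines are assumptions made for the example; deciding what actually gets fixed remains the expert's call.

```python
import re

# One HijackThis entry per line: "<section> - <detail>", e.g.
# "O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe"
HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# Hypothetical triage rules (not HijackThis's own): folders flagged in this thread and IE search keys.
SUSPECT_FOLDERS = ("\\wintools\\", "\\kontiki\\", "\\vbouncer\\")
SEARCH_KEYS = ("Search Bar", "SearchAssistant", "CustomizeSearch", "Default_Search_URL")

def parse_hjt(text):
    """Yield (section, body) for every entry line of a HijackThis log; other lines are skipped."""
    for line in text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")

def triage(text):
    """Return [(section, reason)] for entries that deserve a human's look."""
    findings, seen_lsp = [], set()
    for sec, body in parse_hjt(text):
        low = body.lower()
        if sec == "O10" and "unknown file in winsock lsp" in low:
            dll = low.split(":", 1)[1].strip()
            if dll not in seen_lsp:  # HJT lists the same LSP DLL once per protocol chain
                seen_lsp.add(dll)
                findings.append((sec, "unknown Winsock LSP module " + dll))
        elif sec == "O1":  # any hosts-file entry silently redirects a hostname
            findings.append((sec, "hosts-file redirect: " + body))
        elif sec in ("R0", "R1") and any(k in body for k in SEARCH_KEYS) and "http" in low:
            url = body.split("=", 1)[1].strip()  # empty values (no URL) never reach here
            if not url.startswith("http://www.microsoft.com"):
                findings.append((sec, "search setting points to " + url))
        elif sec in ("R3", "O2", "O4", "O8") and any(f in low for f in SUSPECT_FOLDERS):
            findings.append((sec, "loads from flagged folder: " + body))
    return findings

# Constructed sample: a subset of the entries posted in this thread (raw string keeps the backslashes).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
"""

def sample_findings():
    return triage(SAMPLE_LOG)
```

Run it against a full log instead of SAMPLE_LOG to get a shortlist; the benign IgfxTray autostart and the empty CustomizeSearch value in the sample show that only the rule hits are reported.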
- doxiegirl: Hijacked By Every Tom, Dick & Harry Out There! He (Sep 6 2004, 02:09 PM)
- shelf life: hello doxiegirl, first could you move HJt to its ... (Sep 6 2004, 03:43 PM)
- doxiegirl: thanks shelf life. what were you saying to look... (Sep 6 2004, 06:18 PM)
- doxiegirl: shelf life...i still can't see what you were s... (Sep 7 2004, 05:53 AM)
- doxiegirl: shelf life...i still can't see what you were s... (Sep 7 2004, 05:54 AM)
- doxiegirl: shelf life - I now see the links for the grokster ... (Sep 7 2004, 10:52 AM)
- shelf life: hello doxiegirl, yes, should uninstall from the a... (Sep 7 2004, 12:29 PM)
- doxiegirl: hi shelf life - grokster successfully uninstalle... (Sep 7 2004, 09:34 PM)
- shelf life: hello again, what, not done yet: run HJT again a... (Sep 8 2004, 08:03 PM)
- doxiegirl: one more time...here it is. thanks! dg Logfi... (Sep 8 2004, 08:58 PM)
- doxiegirl: I am *still* being hijacked by something - i'm... (Sep 9 2004, 10:28 AM)
- shelf life: hello doxiegirl, did you ever get ad-aware? if no... (Sep 9 2004, 05:32 PM)
- doxiegirl: hi shelf life - i ran ad-aware (again) - for som... (Sep 10 2004, 06:00 AM)
- doxiegirl: hi shelf life - i ran ad-aware (again) - for som... (Sep 10 2004, 06:01 AM)
- shelf life: hello doxiegirl, try to run the VX2 plugin while ... (Sep 10 2004, 01:38 PM)
- doxiegirl: okay - hopefully removed look2me! here... (Sep 10 2004, 09:20 PM)
- shelf life: hello doxiegirl, good work! you had some nast... (Sep 11 2004, 04:26 PM)
- doxiegirl: shelf life - here's one last log. i don... (Sep 11 2004, 10:28 PM)
- shelf life: hello doxiegirl, sorry for delay, latest log look... (Sep 13 2004, 08:29 PM)
- ChrisRLG: Glad we could be of assistance. This topic is now ... (Sep 15 2004, 06:55 AM)