Hijacked By Every Tom, Dick & Harry Out There! He

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

Hijacked By Every Tom, Dick & Harry Out There! He

Options

doxiegirl View Member Profile	Sep 6 2004, 02:09 PM Post #1
New Member Group: Authentic Member Posts: 12 Joined: 5-April 04 Member No.: 3,814	Logfile of HijackThis v1.97.7 Scan saved at 4:06:06 PM, on 9/6/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Internet Security\NISUM.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Norton Internet Security\ccPxySvc.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\AccessDirect\dadapp.exe C:\WINDOWS\System32\DSentry.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\Dell\AccessDirect\DadTray.exe C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common files\WinTools\WToolsA.exe C:\Program Files\earthlinkim\aim.exe C:\Program Files\Kontiki\bin\kontiki.exe C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE C:\Program Files\Common files\WinTools\WToolsS.exe C:\Program Files\Common files\WinTools\WSup.exe C:\WINDOWS\DvzCommon\DvzMsgr.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Palm\HOTSYNC.EXE C:\Program Files\scthemes\scthemes.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Missy\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50032 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50032 R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink Pop-Up Blocker\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKLM\..\Run: [Dell\|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE O4 - HKCU\..\Run: [IM] C:\Program Files\earthlinkim\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -noauth O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Startup: PowerReg SchedulerV2.exe O4 - Startup: ScreenThemes.lnk = C:\Program Files\scthemes\scthemes.exe O4 - Startup: Update Grokster.lnk = ? O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201 O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Instant Messenger (SM) (HKLM) O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Real.com (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Messenger (HKLM) O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://63.102.227.121:8005/Java/cfs31235.cab O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...ol_v1-0-3-9.cab O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/SassCln.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2B7BD3-1961-42CB-BD3F-8B7221FA022B}: NameServer = 207.217.120.83,207.69.188.185 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1D8D13D-89AA-43EE-8BBC-A0674FFEF614}: NameServer = 207.217.126.81 207.217.77.82

Replies

ChrisRLG View Member Profile	Sep 15 2004, 06:55 AM Post #2
Spyware Fighter Group: Visiting Teacher Posts: 3,869 Joined: 2-November 03 From: Southend, Essex, UK Member No.: 693 Operating System: all :)	Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click here to email) with a link to your thread. Donations in support of this Web Site are always appreciated Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Posts in this topic

doxiegirl Hijacked By Every Tom, Dick & Harry Out There! He Sep 6 2004, 02:09 PM

shelf life hello doxiegirl, first could you move HJt to its ... Sep 6 2004, 03:43 PM

doxiegirl thanks shelf life. what were you saying to look... Sep 6 2004, 06:18 PM

shelf life hello doxiegirl, see this about the free version ... Sep 6 2004, 07:17 PM

doxiegirl shelf life...i still can't see what you were s... Sep 7 2004, 05:53 AM

doxiegirl shelf life...i still can't see what you were s... Sep 7 2004, 05:54 AM

doxiegirl shelf life - I now see the links for the grokster ... Sep 7 2004, 10:52 AM

shelf life hello doxiegirl, yes, should uninstall from the a... Sep 7 2004, 12:29 PM

doxiegirl hi shelf life - grokster successfully uninstalle... Sep 7 2004, 09:34 PM

shelf life hello again, what, not done yet: run HJT again a... Sep 8 2004, 08:03 PM

doxiegirl one more time...here it is. thanks! dg Logfi... Sep 8 2004, 08:58 PM

doxiegirl I am *still* being hijacked by something - i'm... Sep 9 2004, 10:28 AM

shelf life hello doxiegirl, did you ever get ad-aware? if no... Sep 9 2004, 05:32 PM

doxiegirl hi shelf life - i ran ad-aware (again) - for som... Sep 10 2004, 06:00 AM

doxiegirl hi shelf life - i ran ad-aware (again) - for som... Sep 10 2004, 06:01 AM

shelf life hello doxiegirl, try to run the VX2 plugin while ... Sep 10 2004, 01:38 PM

doxiegirl okay - hopefully removed look2me! here... Sep 10 2004, 09:20 PM

shelf life hello doxiegirl, good work! you had some nast... Sep 11 2004, 04:26 PM

doxiegirl shelf life - here's one last log. i don... Sep 11 2004, 10:28 PM

shelf life hello doxiegirl, sorry for delay, latest log look... Sep 13 2004, 08:29 PM

ChrisRLG Glad we could be of assistance. This topic is now ... Sep 15 2004, 06:55 AM

« Next Oldest · Infections Removal · Next Newest »

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Closed] my yahoo mail address hijacked	2	davemcl	253	11th January 2010 - 05:08 PM Last post by: LDTate
Infections Removal [Resolved] Yahoo messenger hijacked 12	29	terryfelter	876	7th January 2010 - 12:34 PM Last post by: CatByte
Infections Removal [Resolved] Browser Hijacked 12	21	l3x	999	7th January 2010 - 12:26 PM Last post by: CatByte
Infections Removal [Resolved] hijacked agan	6	miller2644	369	28th December 2009 - 04:58 PM Last post by: LDTate