Hijacked browser - HijackThis log attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mnccfan, Jun 9, 2004.

  1. mnccfan

    mnccfan Private E-2

    I am running Windows 98 and IE 6.0. I ran AdAware, Spybot, and CWShredder and it keeps finding problems and fixing them, but whatever has hijacked my browser will not go away. Here's my HijackThis log. Can someone please help? Thanks in advance!

    Logfile of HijackThis v1.97.7

    Scan saved at 10:19:35 PM, on 6/9/04

    Platform: Windows 98 Gold (Win9x 4.10.1998)

    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL

    C:\WINDOWS\SYSTEM\MSGSRV32.EXE

    C:\WINDOWS\SYSTEM\MPREXE.EXE

    C:\WINDOWS\SYSTEM\mmtask.tsk

    C:\WINDOWS\SYSTEM\MSTASK.EXE

    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE

    C:\PROGRAM FILES\IOMEGA\AUTODISK\ADSERVICE.EXE

    C:\WINDOWS\EXPLORER.EXE

    C:\WINDOWS\TASKMON.EXE

    C:\WINDOWS\SYSTEM\SYSTRAY.EXE

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE

    C:\WINDOWS\SYSTEM\HPZTSB06.EXE

    C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE

    C:\WINDOWS\SYSTEM\STIMON.EXE

    C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE

    C:\PROGRAM FILES\IOMEGA\AUTODISK\ADUSERMON.EXE

    C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE

    C:\WINDOWS\SYSTEM\SPOOL32.EXE

    C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE

    C:\WINDOWS\SYSTEM\TAPISRV.EXE

    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE

    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE

    C:\WINDOWS\SYSTEM\PSTORES.EXE

    C:\WINDOWS\SYSTEM\HPZSTATX.EXE

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

    C:\WINDOWS\SYSTEM\DDHELP.EXE

    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EarthLink, Inc.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: (no name) - {56580C69-BA5F-11D8-A1C4-00017257FEBD} - C:\WINDOWS\SYSTEM\ODAJCF.DLL

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe

    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb06.exe

    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe

    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe

    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"

    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    O4 - HKLM\..\RunServices: [ADService] C:\Program Files\Iomega\AutoDisk\ADService.exe

    O4 - HKCU\..\Run: [E6TaskPanel] "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -winstart

    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html

    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html

    O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html

    O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html

    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html

    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38135.5140277778
     
    mnccfan, Jun 9, 2004
    #1
  2. General_Lee_Stoned

    General_Lee_Stoned BuZZed Lightyear

    hi there have hijack this fix these
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\SYSTEM\ODAJCF.DLL/sp.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no file)
    O2 - BHO: (no name) - {56580C69-BA5F-11D8-A1C4-00017257FEBD} - C:\WINDOWS\SYSTEM\ODAJCF.DLL

    Then reboot into safe mode and delete this if still present
    C:\WINDOWS\SYSTEM\ODAJCF.DLL
    you may need to show hidden files and folders
     
    General_Lee_Stoned, Jun 10, 2004
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds