I've been Hijacked (lol)...PLEASE HELP

smartguy101 · Feb 22, 2004

When ever I restart my computer and attempt to open my web browser, my regular homepage is replaced by some generic ( I want to say) search engine. Also, whenever I'm using a search engine such as MSN or Yahoo!, as soon as I've entered the info for which I wish to search, another search "assistant" pops up. I'm also inudated with pop up adds. I downloaded and ran hijack this, and it yielded the following results. PLEASE tell me what to delete. IT'S MINDNUMBING!

Logfile of HijackThis v1.97.7

Scan saved at 12:55:16 AM, on 2/22/2004

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\system32\ps2.exe

C:\Program Files\DownloadWare\dw.exe

C:\WINDOWS\wt\updater\wcmdmgr.exe

C:\WINDOWS\Winrun.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\DownloadWare Engine\DWE.EXE

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\HEWLET~1\HPSHAR~2\hpgs2wnf.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe

C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTray.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE2\CalCheck.exe

C:\PROGRA~1\DOWNLO~2\alp2plib.exe

C:\Program Files\AIM95\aim.exe

C:\Program Files\Yahoo!\Messenger\YPager.exe

C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hotbar\bin\4.3.6.0\HbSrv.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Dustin 1_2\Local Settings\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,2,0.dll

O2 - BHO: (no name) - {22941A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v1\scbar.dll

O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\Program Files\Submit\submithook.dll

O2 - BHO: (no name) - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet5_64.dll

O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\Documents and Settings\Dustin 1_2\Application Data\msub\msub.dll

O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\Documents and Settings\Dustin 1_2\Application Data\msub\mssearch.dll

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\Documents and Settings\Dustin 1_2\Application Data\msub\msiesh.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Zero-Knowledge Freedom - {FA91B828-F937-4568-82C1-843627E63ED7} - C:\Program Files\Zero Knowledge\Freedom\BandObjs.dll

O3 - Toolbar: &Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\bin\4.3.6.0\HbHostIE.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,2,0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background

O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\mcafee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H

O4 - HKLM\..\Run: [DownloadWare] "C:\Program Files\DownloadWare\dw.exe" /H

O4 - HKLM\..\Run: [MSstartup] C:\WINDOWS\Winrun.exe

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [SwimSuitNetwork] "C:\Program Files\SwimSuitNetwork\SwimSuitNetwork.exe" /H

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [LINUX32] C:\WINDOWS\SYSTEM32\LINUX32.vbs

O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H

O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U

O4 - HKLM\..\Run: [KAZAA] C:\Program Files\KaZaA\kazaa.exe /SYSTRAY

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe

O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM32\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\bin\4.3.6.0\HbInst.exe /Upgrade

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install

O4 - HKLM\..\RunServices: [reload] C:\WINDOWS\reload.vbs

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\PCHButton.exe

O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Reality Fusion GameCam SE.lnk = C:\Program Files\Reality Fusion\Reality Fusion GameCam SE\Program\RFTray.exe

O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE2\CalCheck.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: ICQ Lite (HKLM)

O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab

O16 - DPF: Yahoo! Chat 1.3 - http://cs5.chat.sc5.yahoo.com/c174/chat.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab

O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://lop.com/Software_Plugin.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...StatsClient.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yah...ymmapi_0727.dll

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://www.blowsearch.com/TB/The_Ul...er_Enhancer.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab

O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab

O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/swimsuitnetwork.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yah.../yiebio4025.cab

O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binar...ireShowdown.cab

O16 - DPF: {FC327B3F-377B-4CB7-8B61-27CD69816BC3} - http://www.getweathercast.com/WeatherAutoCAST0010.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{7E1A0351-3652-4804-A560-2687237D0669}: NameServer = 216.165.129.157 134.215.200.126

alanc · Feb 22, 2004

You have a lot of spyware on your system. Download, update and run Ad-aware and Spybot (they're both free) and fix whatever they find.

You also need to go to Windows Update and download/install SP1 and all critical updates for XP. If you're still having trouble after all that post back and let us know. And have a look here:

http://www.majorgeeks.com/vb/showthread.php?t=25834
http://www.majorgeeks.com/vb/showthread.php?t=26149

NICK ADSL UK · Feb 22, 2004

Hi smartguy101
If i just my add that when you have you done what alanc has suggested you install Spywareblaster and spyware guard to prevent this from happening again. Both of which can be found here
http://www.majorgeeks.com/download2859.html
http://www.majorgeeks.com/download3045.html

Log in or Sign up

I've been Hijacked (lol)...PLEASE HELP

smartguy101 Private E-2

alanc MajorGeek

NICK ADSL UK MajorGeeks Forum Administrator Staff Member

Log in or Sign up

I've been Hijacked (lol)...PLEASE HELP

smartguy101 Private E-2

alanc MajorGeek

NICK ADSL UK MajorGeeks Forum Administrator Staff Member

Useful Searches