I've been HIJACKED?!?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Marcos44, Oct 4, 2004.

  1. Marcos44

    Marcos44 Private E-2

    Recently I've found myself unable to get into my Hotmail email site. Whenever I confirm my user name and password I get a "Done" message. Someone told me that it was a spy, or a hijack, or something like that, but I've already tried downloading and testing my PC with CWShredder and tons of other utilities and nothing...! Does anyone know what this is all about?? Thank you!!!
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. Marcos44

    Marcos44 Private E-2

  4. jarcher

    jarcher I can't handle a title

  5. Marcos44

    Marcos44 Private E-2

    Yes, I did, but I just want to know if anyone has heard about my problem, because I don't even know if I've been infected with a hijacker or what (I'm really an amateur at these things) :rolleyes:
    Do I really need to download the HijackThis utility?
     
  6. jarcher

    jarcher I can't handle a title

    So you have downloaded and used these (per the instructions in
    http://forums.majorgeeks.com/showthread.php?t=35407 )

    Ad-Aware SE
    Ad-Aware VX2 Cleaner Plug-In
    CCleaner
    Spybot
    SpywareBlaster
    McAfee AVERT Stinger
    CWShredder
    Kill2me
    about:Buster
    HSRemove

    but have not yet installed or run

    HijackThis

    If not, please do.
     
  7. Kodo

    Kodo SNATCHSQUATCH

    Regardless of whether or not anyone has heard about it, it's not normal... you should preempt and scan anyway... you know, C.Y.A. (cover your ***)
     
  8. Marcos44

    Marcos44 Private E-2

    OOOOKKKK... so, I've downloaded HijackThis, run the scan, saved the log file, analyzed it, erased the corrupted lines... and nothing! I've also already scanned my system with CCleaner, Ad-Aware, etc., etc., and I still can't get into my Hotmail account through Internet Explorer. I had to download a different browser to access my account, but that's not the point... :rolleyes:
     
  9. Kodo

    Kodo SNATCHSQUATCH

    Mind if we look at your log file?
     
  10. Marcos44

    Marcos44 Private E-2

    Ok, here it is...
     

    Attached Files:

    • hjt.txt (2.1 KB)

    Last edited by a moderator: Oct 6, 2004
  11. Kodo

    Kodo SNATCHSQUATCH

    Well, there are three things:

    1. R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    You can remove that.

    2. I see you're using DAP (Download Accelerator). It is up in the air as to whether or not that is spyware or contains spyware along with the install.

    3. You have a possible trojan on your machine:
    O4 - HKLM\..\Run: [WTLXPan] WTLXPan.Exe

    Boot to safe mode and make sure you have no extra programs open.

    Run this

    PeperFix
    http://downloads.subratam.org/PeperFix.exe

    and this

    http://www.majorgeeks.com/download.php?det=4281
    a-squared (a²) Free edition 1.1 (free registration required)

    When you're done, run HJT again, save a new log and upload it in a new post.
     
  12. Marcos44

    Marcos44 Private E-2

    OK, I'll do that. But first, that WTLXPan.Exe thing is a sound card utility that's located in the systray; it's not a trojan. What happens if I erase that line from HijackThis? Will I lose the utility (I need it)?
    Thanks for the help...! :)
     
  13. Kodo

    Kodo SNATCHSQUATCH

    Don't remove it. I couldn't find any info on it and it was a randomly named exe (to me), so I categorized it as a possible trojan, which clearly it is not after your post.
     
  14. Marcos44

    Marcos44 Private E-2

    So I ran the PeperFix and a-squared (a²) Free edition 1.1 utilities in safe mode... and still nothing!
    Here's the new log file...

    Logfile of HijackThis v1.98.2
    Scan saved at 04:07:06 p.m., on 07/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Utilities\HijackThis\HijackThis.exe

    O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Utilities\DAP 7\DAPBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\utilities\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\Utilities\WINOPT~1\PopUp.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [WTLXPan] WTLXPan.Exe
    O8 - Extra context menu item: &Download with &DAP - C:\Utilities\DAP 7\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Utilities\DAP 7\dapextie2.htm
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Utilities\DAP 7\DAP.EXE
    O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096251019703
     
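The log above is the kind of thing the helpers in this thread read by eye: each line is a section code (O2 for Browser Helper Objects, O4 for Run keys, O16 for downloaded ActiveX controls, and so on), a description, often a CLSID, and the file, command or URL the entry points at. The following is an added example, not code from the thread or from HijackThis, that parses those lines into structured records and applies three triage rules drawn from the advice given in this thread: a leftover `Start Page_bak` value can go, an O4 Run command with no directory (like the `WTLXPan.Exe` entry, which turned out to be legitimate) is resolved by the search order and must be verified on disk rather than judged by name, and an O16 download from a host that is not on a trusted list gets reviewed. The sample log is assembled from the two logs posted in the thread, with the truncated O16 URL kept exactly as posted; the trusted-host list is an assumption for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample input: the entry lines from the two HijackThis logs posted
# in this thread (the R1 line from the first log, the rest from the second).
# The O16 URL is kept exactly as it appears in the post, truncation included.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Utilities\DAP 7\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\utilities\Acrobat Reader\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\Utilities\WINOPT~1\PopUp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WTLXPan] WTLXPan.Exe
O8 - Extra context menu item: &Download with &DAP - C:\Utilities\DAP 7\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Utilities\DAP 7\dapextie2.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Utilities\DAP 7\DAP.EXE
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1096251019703
"""

# Section code, e.g. "R1", "O2", "O16", then " - " and the rest of the line.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

# Assumption for the example: hosts from which an O16 ActiveX download is
# accepted without review. A real list would be maintained by the analyst.
TRUSTED_DPF_HOSTS = {"windowsupdate.microsoft.com", "v5.windowsupdate.microsoft.com"}


@dataclass
class Entry:
    kind: str             # HijackThis section code (O2 = BHO, O4 = Run key, O16 = DPF, ...)
    body: str             # everything after "<kind> - "
    clsid: Optional[str]  # first CLSID in the line, if any
    target: str           # file, command or URL the entry points at


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry; non-entry lines give None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    clsid = CLSID_RE.search(body)
    if kind == "O4" and "] " in body:
        # O4 - HKLM\..\Run: [value name] command line
        target = body.split("] ", 1)[1]
    elif " - " in body:
        # O2/O3/O8/O9/O16: the last " - " field is the file or URL
        target = body.rsplit(" - ", 1)[1]
    elif ": " in body:
        # O12 - Plugin for .ext: path
        target = body.split(": ", 1)[1]
    else:
        target = body
    return Entry(kind, body, clsid.group(0) if clsid else None, target)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def triage(entry: Entry) -> List[str]:
    """Apply the three rules taken from the advice in this thread."""
    flags = []
    if entry.kind == "R1" and "_bak" in entry.body:
        flags.append("leftover *_bak start-page value; can be removed")
    if entry.kind == "O4" and "\\" not in entry.target:
        # No directory: Windows finds the file by search order, so the name alone
        # says nothing. Locate the file and check its vendor before removing.
        flags.append("Run command has no path; verify the file on disk before deciding")
    if entry.kind == "O16":
        url = URL_RE.search(entry.body)
        host = urlparse(url.group(0)).hostname if url else None
        if host not in TRUSTED_DPF_HOSTS:
            flags.append(f"ActiveX control downloaded from {host!r}; not a trusted host, review")
    return flags


def triage_log(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that have at least one flag."""
    result = []
    for entry in parse_log(text):
        flags = triage(entry)
        if flags:
            result.append((entry, flags))
    return result


if __name__ == "__main__":
    for entry, flags in triage_log(SAMPLE_LOG):
        print(f"{entry.kind:4} {entry.target}")
        for f in flags:
            print(f"       - {f}")
```

Run as-is it flags three of the fourteen entries: the R1 backup value, the pathless `WTLXPan.Exe` Run entry, and the O16 download, whose host cannot be matched because the URL in the post is truncated. That last case is the point of reviewing rather than auto-deleting: a rule can only say "look at this", and the verdict on `WTLXPan.Exe` in the thread came from the owner knowing what the file was, not from its name.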
  15. Kodo

    Kodo SNATCHSQUATCH

    I can't verify the authenticity of the following:
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\Utilities\WINOPT~1\PopUp.dll

    I would suggest removing DAP as it has been known to contain spyware. That could be your problem.
     
  16. Marcos44

    Marcos44 Private E-2

    I'll try removing DAP.

    This line "O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\Utilities\WINOPT~1\PopUp.dll" belongs to the WinOptimizer utility that uses a Pop-up killer.

    Thank you, anyway, Kodo ;) !
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to your HJT log (which you must remember to post only as an attachment), you did not run all the steps of the READ ME tutorial. There are no signs that the online scans have been run. It would appear you skipped them. Did you also skip running Stinger? Anything else? You do not appear to have your own antivirus application installed (you need to get one), so for you these scans could be very important.
     