Frustrated by a hijacked browser

Discussion in 'adware, spyware & hijack cleaning' started by Orangatank, Jul 3, 2004.

Thread Status:
Not open for further replies.
  1. Orangatank

    Orangatank Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    3
    Good day/afternoon/evening:
    I seem to have had my browser hijacked, and am getting a bit frustrated. I am wondering if you all could provide some assistance. I originally attempted to take care of this by running Ad-aware and Spybot S&D. After updating and running both of them, my browser went back to its normal start page. I then ran a script to lock down the ability to change the start-up page (it locks it in the registry). After reboot it was back again though, and the ability to change it was still locked?!

    Problems experienced: The browser was always reverting back to "about:blank", and more pop-ups were coming up. Soon thereafter I started to get warnings: "Virtual memory minimum too low!". The browser would also randomly exit out. Now my system seems to be slower than usual.

    I have read through the 3 steps that are mentioned, to be done prior to posting, and ran through them. I am running the most up-to-date Ad-aware/Spybot S&D/NAV. I first ran Ad-aware, deleted all, rebooted and it ran again (I deleted again). I then ran Spybot and cleared all that stuff too. I then ran Hijack This and have the log saved. Since I ran Hijack this with the IE browser closed, I obviously had to open a session to post, and the browser did not open into the about:blank, but msn?? I am still unsure about the whole thing so I am still including the log file.

    Here it is:
    Logfile of HijackThis v1.97.7
    Scan saved at 1:49:19 PM, on 7/3/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINNT\system32\drivers\KodakCCS.exe
    C:\WINNT\System32\NMSSvc.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\System32\ScsiAccess.EXE
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\MsgSys.EXE
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\SK9910DM.EXE
    C:\WINNT\GWMDMMSG.exe
    C:\WINNT\System32\hkcmd.exe
    C:\WINNT\System32\PROMon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\NavNT\vptray.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\System32\wuauclt.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Documents and Settings\Administrator\Desktop\HiJack This\HijackThis1977.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r6.attbi.com:8000
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r6.attbi.com;localhost
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {052B2030-28E7-46D2-BC41-5662746F30ED} - C:\WINNT\System32\cec.dll (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
    O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: &Smart Stopper - {C4370071-9FF8-4442-B9C7-F849AC0789CA} - C:\PROGRA~1\SMARTS~1\SMARTS~1.DLL
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
    O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
    O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [SAClient] "C:\Program Files\Comcast\BBClient\Programs\RegCon.exe" /admincheck
    O4 - HKLM\..\Run: [SAUpdate] "C:\Program Files\Comcast\BBClient\Programs\SAUpdate.exe"
    O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
    O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [OOBEDDDemise] cmd /x /c erase C:\WINNT\System32\oobe\msoobe.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: Support (HKCU)
    O9 - Extra button: ComcastHSI (HKCU)
    O9 - Extra button: Help (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1408.g.akamai.net/7/1408/99...W/win/061-0848.20031022.TtzS4/iTunesSetup.exe
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://terminal.uits.uconn.edu/msrdp.cab
    O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
    O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.145/2_0/ACNePlayer.cab
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab


    Thanks a heap-load!!!

    Also, has anyone heard/tried a utility called tune-up? I would like to see about this slowness issue as well. Thanks again, and have a wonderful day/afternoon/evening!!!
     
  2. Orangatank

    Orangatank Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    3
    Just checking up to see if anyone has any suggestions. Thanks
     
  3. Orangatank

    Orangatank Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    3
    o_O Am I posting in the wrong forum? o_O If someone could direct me to the correct area to post, I would appreciate it. Thanks.
     