Hijacked, or something

Discussion in 'adware, spyware & hijack cleaning' started by DrizzleDown, May 24, 2004.

Thread Status:
Not open for further replies.
  1. DrizzleDown (Registered Member; joined May 24, 2004; posts: 3)

    Got 2 PCs behind a router running DHCP. One of them has had its TCP/IP disabled. When I try to run Internet Explorer, it says it's trying to identify proxy settings and then says it can't find the page I'm looking for. Running ipconfig shows two settings:
    Autoconfiguration IP Address: 169.254.195.152
    Subnet Mask: 255.255.0.0

    I've tried digging these out of the registry, but they return when I restart the system.

    I've also tried uninstalling and reinstalling TCP/IP, but the configuration settings return after the post-reinstall restart.

    Here is the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:56:44 AM, on 5/24/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINNT\System32\smss.exe
    F:\WINNT\system32\winlogon.exe
    F:\WINNT\system32\services.exe
    F:\WINNT\system32\lsass.exe
    F:\WINNT\system32\svchost.exe
    F:\WINNT\system32\spoolsv.exe
    G:\Program Files\Avast\aswUpdSv.exe
    G:\Program Files\Avast\ashServ.exe
    F:\WINNT\System32\svchost.exe
    F:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
    F:\WINNT\system32\MSTask.exe
    F:\WINNT\system32\ScsiAccess.EXE
    F:\WINNT\system32\stisvc.exe
    F:\WINNT\wanmpsvc.exe
    F:\WINNT\System32\WBEM\WinMgmt.exe
    F:\WINNT\system32\mspmspsv.exe
    F:\WINNT\system32\svchost.exe
    F:\WINNT\Explorer.EXE
    G:\PROGRA~1\Avast\ashDisp.exe
    G:\PROGRA~1\Avast\ashmaisv.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
    F:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\bin\HPOVDX05.EXE
    E:\TW\Tech\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - G:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\Avast\ashDisp.exe
    O4 - HKLM\..\Run: [ashMaiSv] G:\PROGRA~1\Avast\ashmaisv.exe
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "G:\PROGRA~1\SYSTEM~1\PopupStopper.exe"
    O4 - Global Startup: HP OfficeJet T Series Startup.lnk = F:\Program Files\Hewlett-Packard\HP OfficeJet T Series NT\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Open using &Advanced JPEG Compressor - F:\Program Files\Advanced JPEG Compressor\ajcieex.htm
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37984.6366782407
    O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://ib.armstrong.com/ib/databases/actimage30717.cab
    O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    Thanks in advance for your help.
     
  2. ChrisRLG (Registered Member; joined Oct 10, 2003; posts: 80; location: Essex, UK)

    One dead link

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    But otherwise a clean log - could be the popup stopper; try removing that and see if the problem goes away.
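
Added example, not part of any post in this thread: a small Python parser that splits HijackThis entries by section code and picks out the kind of orphaned "(no file)" reference noted in the reply above. The function names and the section labels dictionary are this example's own, and the sample input is a few lines copied from the log in the first post.

```python
import re

# Constructed sample: a few entries copied from the log in the first post.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\Avast\ashDisp.exe
"""

# Labels for the section codes that appear in this sample (example's own wording).
SECTION = {"R0": "IE start/search page", "O2": "Browser Helper Object",
           "O3": "IE toolbar", "O4": "autostart entry"}

ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(log_text):
    """Return one dict per 'XN - ...' entry; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        body = m.group("body").strip()
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "kind": SECTION.get(m.group("code"), "other"),
            "clsid": clsid.group(0).upper() if clsid else None,
            # HijackThis prints "(no file)" when the registered target is absent on disk.
            "missing_file": body.endswith("(no file)"),
            "raw": body,
        })
    return entries

def orphaned(entries):
    """Entries whose registry reference points at a file that no longer exists."""
    return [e for e in entries if e["missing_file"]]

if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(f'{e["code"]} ({e["kind"]}) {e["clsid"]}: target file missing')
```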
     
  3. snapdragin (Registered Member; joined Feb 16, 2002; posts: 8,415; location: Southern Ont., Canada)

    Hi DrizzleDown,

    Since your log is clean, this may be just a firewall/router configuration issue. You may want to ask your question over in our Other Firewall forum where other members can post some helpful suggestions for you. :)

    https://www.wilderssecurity.com/forumdisplay.php?f=31

    Regards,

    snap
     