Help! I've Been Hijacked!

Discussion in 'adware, spyware & hijack cleaning' started by Booch, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. Booch (Registered Member)
     Joined: Jul 17, 2004 | Posts: 1 | Location: Troy, OH

    I have 'Home Search Assistant', 'Search Extender', and 'Shopping Wizard' all showing up in 'add / remove programs', but can't get rid of them; they keep on coming back and keep changing my home page, etc.

    Just ran Spybot and HijackThis; here's the log:

    Logfile of HijackThis v1.98.0
    Scan saved at 12:46:45 AM, on 7/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\appxv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\ntom32.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\McDash.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Documents and Settings\Booch\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\smkrz.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-to-find.com/sh.php?qq=blank&pin=37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hygvj.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hygvj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hygvj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hygvj.dll/index.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0FEE7E33-7D50-E2F1-5115-7D9B474CAEA8} - C:\WINDOWS\system32\netwt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ntom32.exe] C:\WINDOWS\ntom32.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunOnce: [crbr.exe] C:\WINDOWS\system32\crbr.exe
    O4 - HKLM\..\RunOnce: [apivi32.exe] C:\WINDOWS\system32\apivi32.exe
    O4 - HKLM\..\RunOnce: [iplp.exe] C:\WINDOWS\iplp.exe
    O4 - HKLM\..\RunOnce: [iest.exe] C:\WINDOWS\system32\iest.exe
    O4 - HKLM\..\RunOnce: [winwr32.exe] C:\WINDOWS\winwr32.exe
    O4 - HKLM\..\RunOnce: [ntfv32.exe] C:\WINDOWS\system32\ntfv32.exe
    O4 - HKLM\..\RunOnce: [d3hw32.exe] C:\WINDOWS\system32\d3hw32.exe
    O4 - HKLM\..\RunOnce: [apirk32.exe] C:\WINDOWS\apirk32.exe
    O4 - HKLM\..\RunOnce: [apito32.exe] C:\WINDOWS\system32\apito32.exe
    O4 - HKLM\..\RunOnce: [apprg.exe] C:\WINDOWS\system32\apprg.exe
    O4 - HKLM\..\RunOnce: [appxv.exe] C:\WINDOWS\appxv.exe
    O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
    O4 - HKLM\..\RunOnce: [syshk32.exe] C:\WINDOWS\syshk32.exe
    O4 - HKLM\..\RunOnce: [addfk32.exe] C:\WINDOWS\addfk32.exe
    O4 - HKLM\..\RunOnce: [ipzd.exe] C:\WINDOWS\system32\ipzd.exe
    O4 - HKLM\..\RunOnce: [appfk32.exe] C:\WINDOWS\appfk32.exe
    O4 - HKLM\..\RunOnce: [crqy32.exe] C:\WINDOWS\system32\crqy32.exe
    O4 - HKLM\..\RunOnce: [d3rt32.exe] C:\WINDOWS\system32\d3rt32.exe
    O4 - HKLM\..\RunOnce: [ipvu.exe] C:\WINDOWS\ipvu.exe
    O4 - HKLM\..\RunOnce: [sysgm32.exe] C:\WINDOWS\system32\sysgm32.exe
    O4 - HKLM\..\RunOnce: [syskz.exe] C:\WINDOWS\system32\syskz.exe
    O4 - HKLM\..\RunOnce: [crwd32.exe] C:\WINDOWS\crwd32.exe
    O4 - HKLM\..\RunOnce: [msxs.exe] C:\WINDOWS\msxs.exe
    O4 - HKLM\..\RunOnce: [atlot.exe] C:\WINDOWS\atlot.exe
    O4 - HKLM\..\RunOnce: [javarn32.exe] C:\WINDOWS\system32\javarn32.exe
    O4 - HKLM\..\RunOnce: [mstm32.exe] C:\WINDOWS\system32\mstm32.exe
    O4 - HKLM\..\RunOnce: [netgb32.exe] C:\WINDOWS\netgb32.exe
    O4 - HKLM\..\RunOnce: [crxm32.exe] C:\WINDOWS\crxm32.exe
    O4 - HKLM\..\RunOnce: [syswh.exe] C:\WINDOWS\syswh.exe
    O4 - HKLM\..\RunOnce: [appzs32.exe] C:\WINDOWS\appzs32.exe
    O4 - HKLM\..\RunOnce: [crht32.exe] C:\WINDOWS\crht32.exe
    O4 - HKLM\..\RunOnce: [atlgj32.exe] C:\WINDOWS\atlgj32.exe
    O4 - HKLM\..\RunOnce: [sdkmc32.exe] C:\WINDOWS\sdkmc32.exe
    O4 - HKLM\..\RunOnce: [atlrk32.exe] C:\WINDOWS\atlrk32.exe
    O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe
    O4 - HKLM\..\RunOnce: [addtp.exe] C:\WINDOWS\addtp.exe
    O4 - HKLM\..\RunOnce: [crvk.exe] C:\WINDOWS\system32\crvk.exe
    O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\mfcyh32.exe
    O4 - HKLM\..\RunOnce: [apptn32.exe] C:\WINDOWS\apptn32.exe
    O4 - HKLM\..\RunOnce: [mfctz.exe] C:\WINDOWS\system32\mfctz.exe
    O4 - HKLM\..\RunOnce: [sdknx.exe] C:\WINDOWS\sdknx.exe
    O4 - HKLM\..\RunOnce: [javase.exe] C:\WINDOWS\javase.exe
    O4 - HKLM\..\RunOnce: [appww32.exe] C:\WINDOWS\system32\appww32.exe
    O4 - HKLM\..\RunOnce: [appyu32.exe] C:\WINDOWS\appyu32.exe
    O4 - HKLM\..\RunOnce: [netau32.exe] C:\WINDOWS\netau32.exe
    O4 - HKLM\..\RunOnce: [winbd.exe] C:\WINDOWS\winbd.exe
    O4 - HKLM\..\RunOnce: [mfcgf.exe] C:\WINDOWS\system32\mfcgf.exe
    O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab


    Any help would be greatly appreciated!! I'm ready to just reformat my hard drive at this point!

    Thanks,

    Booch
     