Help! I've Been Hijacked!

Discussion in 'adware, spyware & hijack cleaning' started by Booch, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. Booch

    Booch Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1
    Location:
    Troy, OH
    I have 'Home Search Assistant', 'Search Extender', and 'Shopping Wizard' all showing up in 'add / remove programs', but can't get rid of them; they keep on coming back and keep changing my home page, etc.

    Just ran spybot and hijackthis; here's the log:

    Logfile of HijackThis v1.98.0
    Scan saved at 12:46:45 AM, on 7/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\appxv.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\ntom32.exe
    C:\Program Files\support.com\bin\tgcmd.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
    C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\WINDOWS\System32\hpoipm07.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\mcafee.com\agent\McDash.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Documents and Settings\Booch\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\smkrz.dll/sp.html#37049
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search-to-find.com/sh.php?qq=blank&pin=37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hygvj.dll/index.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hygvj.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hygvj.dll/sp.html#37049
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hygvj.dll/index.html#37049
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {0FEE7E33-7D50-E2F1-5115-7D9B474CAEA8} - C:\WINDOWS\system32\netwt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ntom32.exe] C:\WINDOWS\ntom32.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
    O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\RunOnce: [crbr.exe] C:\WINDOWS\system32\crbr.exe
    O4 - HKLM\..\RunOnce: [apivi32.exe] C:\WINDOWS\system32\apivi32.exe
    O4 - HKLM\..\RunOnce: [iplp.exe] C:\WINDOWS\iplp.exe
    O4 - HKLM\..\RunOnce: [iest.exe] C:\WINDOWS\system32\iest.exe
    O4 - HKLM\..\RunOnce: [winwr32.exe] C:\WINDOWS\winwr32.exe
    O4 - HKLM\..\RunOnce: [ntfv32.exe] C:\WINDOWS\system32\ntfv32.exe
    O4 - HKLM\..\RunOnce: [d3hw32.exe] C:\WINDOWS\system32\d3hw32.exe
    O4 - HKLM\..\RunOnce: [apirk32.exe] C:\WINDOWS\apirk32.exe
    O4 - HKLM\..\RunOnce: [apito32.exe] C:\WINDOWS\system32\apito32.exe
    O4 - HKLM\..\RunOnce: [apprg.exe] C:\WINDOWS\system32\apprg.exe
    O4 - HKLM\..\RunOnce: [appxv.exe] C:\WINDOWS\appxv.exe
    O4 - HKLM\..\RunOnce: [netym32.exe] C:\WINDOWS\system32\netym32.exe
    O4 - HKLM\..\RunOnce: [syshk32.exe] C:\WINDOWS\syshk32.exe
    O4 - HKLM\..\RunOnce: [addfk32.exe] C:\WINDOWS\addfk32.exe
    O4 - HKLM\..\RunOnce: [ipzd.exe] C:\WINDOWS\system32\ipzd.exe
    O4 - HKLM\..\RunOnce: [appfk32.exe] C:\WINDOWS\appfk32.exe
    O4 - HKLM\..\RunOnce: [crqy32.exe] C:\WINDOWS\system32\crqy32.exe
    O4 - HKLM\..\RunOnce: [d3rt32.exe] C:\WINDOWS\system32\d3rt32.exe
    O4 - HKLM\..\RunOnce: [ipvu.exe] C:\WINDOWS\ipvu.exe
    O4 - HKLM\..\RunOnce: [sysgm32.exe] C:\WINDOWS\system32\sysgm32.exe
    O4 - HKLM\..\RunOnce: [syskz.exe] C:\WINDOWS\system32\syskz.exe
    O4 - HKLM\..\RunOnce: [crwd32.exe] C:\WINDOWS\crwd32.exe
    O4 - HKLM\..\RunOnce: [msxs.exe] C:\WINDOWS\msxs.exe
    O4 - HKLM\..\RunOnce: [atlot.exe] C:\WINDOWS\atlot.exe
    O4 - HKLM\..\RunOnce: [javarn32.exe] C:\WINDOWS\system32\javarn32.exe
    O4 - HKLM\..\RunOnce: [mstm32.exe] C:\WINDOWS\system32\mstm32.exe
    O4 - HKLM\..\RunOnce: [netgb32.exe] C:\WINDOWS\netgb32.exe
    O4 - HKLM\..\RunOnce: [crxm32.exe] C:\WINDOWS\crxm32.exe
    O4 - HKLM\..\RunOnce: [syswh.exe] C:\WINDOWS\syswh.exe
    O4 - HKLM\..\RunOnce: [appzs32.exe] C:\WINDOWS\appzs32.exe
    O4 - HKLM\..\RunOnce: [crht32.exe] C:\WINDOWS\crht32.exe
    O4 - HKLM\..\RunOnce: [atlgj32.exe] C:\WINDOWS\atlgj32.exe
    O4 - HKLM\..\RunOnce: [sdkmc32.exe] C:\WINDOWS\sdkmc32.exe
    O4 - HKLM\..\RunOnce: [atlrk32.exe] C:\WINDOWS\atlrk32.exe
    O4 - HKLM\..\RunOnce: [javauo.exe] C:\WINDOWS\system32\javauo.exe
    O4 - HKLM\..\RunOnce: [addtp.exe] C:\WINDOWS\addtp.exe
    O4 - HKLM\..\RunOnce: [crvk.exe] C:\WINDOWS\system32\crvk.exe
    O4 - HKLM\..\RunOnce: [mfcyh32.exe] C:\WINDOWS\mfcyh32.exe
    O4 - HKLM\..\RunOnce: [apptn32.exe] C:\WINDOWS\apptn32.exe
    O4 - HKLM\..\RunOnce: [mfctz.exe] C:\WINDOWS\system32\mfctz.exe
    O4 - HKLM\..\RunOnce: [sdknx.exe] C:\WINDOWS\sdknx.exe
    O4 - HKLM\..\RunOnce: [javase.exe] C:\WINDOWS\javase.exe
    O4 - HKLM\..\RunOnce: [appww32.exe] C:\WINDOWS\system32\appww32.exe
    O4 - HKLM\..\RunOnce: [appyu32.exe] C:\WINDOWS\appyu32.exe
    O4 - HKLM\..\RunOnce: [netau32.exe] C:\WINDOWS\netau32.exe
    O4 - HKLM\..\RunOnce: [winbd.exe] C:\WINDOWS\winbd.exe
    O4 - HKLM\..\RunOnce: [mfcgf.exe] C:\WINDOWS\system32\mfcgf.exe
    O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
    O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab


    Any help would be greatly appreciated!! I'm ready to just reformat my harddrive at this point!

    Thanks,

    Booch
     
    Booch, Jul 17, 2004
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...