Outlook Express Hijacked?

Discussion in 'adware, spyware & hijack cleaning' started by Bob 701, Jan 25, 2004.

Thread Status:
Not open for further replies.
  1. Bob 701

    Bob 701 Registered Member

    Joined:
    Nov 11, 2003
    Posts:
    1
    I believe my Outlook Express has been hijacked (modified).
    I received an email from ship-amazon.com confirming my order for 4 books for $194.80. I didn't order any books from amazon, although I do have an account there, so I
    felt this was a scam.
    I tried to send an email to amazon at there legitimate web site (amazon.com) but Outlook Express returned a "Check
    Name" error message that said the name was not in my Address Book. I cannot send an email to any web address not in my Address Book. Also, I cannot add a new address to this book.
    Per your directions, I ran AdAware and Spybot, nothing showed up, so I downloaded and ran Hijack This, the log file is listed below:

    Logfile of HijackThis v1.97.7
    Scan saved at 11:26:12 PM, on 1/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Personal Firewall\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\LinkStash\lsmon.exe
    C:\PROGRA~1\CLIPMA~1\ClipMt62.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\TextToSpeechLivePlayer\ttslp.exe
    C:\Program Files\LinkStash\lnkstash.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\speech\vcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\PROGRA~1\Netscape\Netscape\Netscp.exe
    C:\Program Files\Weather Watcher\ww.exe
    C:\Program Files\Browser Hijack Blaster\bhblaster.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Ontrack\PowerDesk\PDEXPLO.EXE
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_0/home.html"); (C:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\p1kq4zba.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Bob\Application Data\Mozilla\Profiles\default\p1kq4zba.slt\prefs.js)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar_en_2.0.106-big.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar_en_2.0.106-big.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [BCWipeTM Startup] "c:\Program Files\BC Wipe\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
    O4 - HKCU\..\Run: [ClipMate6] C:\PROGRA~1\CLIPMA~1\ClipMt62.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Text To Speech Live Player.lnk = C:\Program Files\TextToSpeechLivePlayer\ttslp.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmcache.html
    O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~1\STARDO~1\sdie.htm
    O8 - Extra context menu item: Leech with Star Downloader - C:\PROGRA~1\STARDO~1\leechie.htm
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmsimilar.html
    O8 - Extra context menu item: Speak by Text To Speech LIver Player - C:\Program Files\TextToSpeechLivePlayer\ttslpcom.htm
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar_en_2.0.106-big.dll/cmtrans.html
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi Bob 701,

    The only thing in your log that is new to me is this one:
    O4 - HKCU\..\Run: [LinkStashMonitor] "C:\Program Files\LinkStash\lsmon.exe"

    Also have a look around here:
    http://insideoe.tomsterdam.com/problems/errors.htm#foldersdbx

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.