Hijacked!!
John S
jsandusk@columbus.rr.com
07/28/04
IE homepage keeps changing to a lame search page every time I open the browser. IE & Outlook Express sometimes require closing for no apparent reason. Computer takes about 5 min. to reboot.

Logfile of HijackThis v1.98.0
Scan saved at 10:05:16 PM, on 7/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\mfcuz32.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\WINNT\system32\msts32.exe
C:\WINNT\System32\P2P Networking\P2P Networking.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\John\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vvidv.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vvidv.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\vvidv.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Jana\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\vvidv.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\John\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {395E7AA2-783C-7CE1-FAE7-A0A97EA4B598} - C:\WINNT\sysry32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINNT\Downloaded Program Files\ycomp5_1_6_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [msts32.exe] C:\WINNT\system32\msts32.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\RunOnce: [syskj32.exe] C:\WINNT\system32\syskj32.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINNT\sdklp32.exe
O4 - HKLM\..\RunOnce: [winfe.exe] C:\WINNT\system32\winfe.exe
O4 - HKLM\..\RunOnce: [sysdm.exe] C:\WINNT\sysdm.exe
O4 - HKLM\..\RunOnce: [javasz.exe] C:\WINNT\javasz.exe
O4 - HKLM\..\RunOnce: [mfccj.exe] C:\WINNT\mfccj.exe
O4 - HKLM\..\RunOnce: [javarv.exe] C:\WINNT\system32\javarv.exe
O4 - HKLM\..\RunOnce: [appyh.exe] C:\WINNT\appyh.exe
O4 - HKLM\..\RunOnce: [iesa.exe] C:\WINNT\iesa.exe
O4 - HKLM\..\RunOnce: [apikp.exe] C:\WINNT\system32\apikp.exe
O4 - HKLM\..\RunOnce: [appdb.exe] C:\WINNT\system32\appdb.exe
O4 - HKLM\..\RunOnce: [atlmv32.exe] C:\WINNT\atlmv32.exe
O4 - HKLM\..\RunOnce: [atlla32.exe] C:\WINNT\system32\atlla32.exe
O4 - HKLM\..\RunOnce: [sdkfk32.exe] C:\WINNT\system32\sdkfk32.exe
O4 - HKLM\..\RunOnce: [d3vb.exe] C:\WINNT\system32\d3vb.exe
O4 - HKLM\..\RunOnce: [ipvz32.exe] C:\WINNT\system32\ipvz32.exe
O4 - HKLM\..\RunOnce: [crnj32.exe] C:\WINNT\system32\crnj32.exe
O4 - HKLM\..\RunOnce: [netjb.exe] C:\WINNT\netjb.exe
O4 - HKLM\..\RunOnce: [addeg32.exe] C:\WINNT\system32\addeg32.exe
O4 - HKLM\..\RunOnce: [atlgk32.exe] C:\WINNT\system32\atlgk32.exe
O4 - HKLM\..\RunOnce: [creu.exe] C:\WINNT\system32\creu.exe
O4 - HKLM\..\RunOnce: [addvf.exe] C:\WINNT\addvf.exe
O4 - HKLM\..\RunOnce: [ipip32.exe] C:\WINNT\ipip32.exe
O4 - HKLM\..\RunOnce: [apifg.exe] C:\WINNT\system32\apifg.exe
O4 - HKLM\..\RunOnce: [iebf.exe] C:\WINNT\system32\iebf.exe
O4 - HKLM\..\RunOnce: [ntdc.exe] C:\WINNT\ntdc.exe
O4 - HKLM\..\RunOnce: [ipmc32.exe] C:\WINNT\ipmc32.exe
O4 - HKLM\..\RunOnce: [addjb32.exe] C:\WINNT\addjb32.exe
O4 - HKLM\..\RunOnce: [mfcuz32.exe] C:\WINNT\system32\mfcuz32.exe
O4 - HKLM\..\RunOnce: [syszu.exe] C:\WINNT\system32\syszu.exe
O4 - HKLM\..\RunOnce: [netbq.exe] C:\WINNT\netbq.exe
O4 - HKLM\..\RunOnce: [apixf.exe] C:\WINNT\system32\apixf.exe
O4 - HKLM\..\RunOnce: [javaib.exe] C:\WINNT\system32\javaib.exe
O4 - HKLM\..\RunOnce: [addju.exe] C:\WINNT\system32\addju.exe
O4 - HKLM\..\RunOnce: [ipgn.exe] C:\WINNT\ipgn.exe
O4 - HKLM\..\RunOnce: [sdkrw32.exe] C:\WINNT\system32\sdkrw32.exe
O4 - HKLM\..\RunOnce: [javaak.exe] C:\WINNT\system32\javaak.exe
O4 - HKLM\..\RunOnce: [ntde.exe] C:\WINNT\system32\ntde.exe
O4 - HKLM\..\RunOnce: [sysym32.exe] C:\WINNT\sysym32.exe
O4 - HKLM\..\RunOnce: [msfb32.exe] C:\WINNT\msfb32.exe
O4 - HKLM\..\RunOnce: [addxs.exe] C:\WINNT\system32\addxs.exe
O4 - HKLM\..\RunOnce: [winqw.exe] C:\WINNT\system32\winqw.exe
O4 - HKLM\..\RunOnce: [atlun.exe] C:\WINNT\atlun.exe
O4 - HKLM\..\RunOnce: [atlel32.exe] C:\WINNT\atlel32.exe
O4 - HKLM\..\RunOnce: [d3rh32.exe] C:\WINNT\system32\d3rh32.exe
O4 - HKLM\..\RunOnce: [javavj.exe] C:\WINNT\system32\javavj.exe
O4 - HKLM\..\RunOnce: [sdkqv.exe] C:\WINNT\sdkqv.exe
O4 - HKLM\..\RunOnce: [msdu.exe] C:\WINNT\system32\msdu.exe
O4 - HKLM\..\RunOnce: [mfcls32.exe] C:\WINNT\mfcls32.exe
O4 - HKLM\..\RunOnce: [crjr32.exe] C:\WINNT\crjr32.exe
O4 - HKLM\..\RunOnce: [d3lo32.exe] C:\WINNT\d3lo32.exe
O4 - HKLM\..\RunOnce: [iewc32.exe] C:\WINNT\iewc32.exe
O4 - HKLM\..\RunOnce: [apixa32.exe] C:\WINNT\system32\apixa32.exe
O4 - HKLM\..\RunOnce: [mfcaz32.exe] C:\WINNT\system32\mfcaz32.exe
O4 - HKLM\..\RunOnce: [d3rx32.exe] C:\WINNT\d3rx32.exe
O4 - HKLM\..\RunOnce: [winba.exe] C:\WINNT\winba.exe
O4 - HKLM\..\RunOnce: [d3cv.exe] C:\WINNT\d3cv.exe
O4 - HKLM\..\RunOnce: [netsj32.exe] C:\WINNT\system32\netsj32.exe
O4 - HKLM\..\RunOnce: [addzw32.exe] C:\WINNT\addzw32.exe
O4 - HKLM\..\RunOnce: [addbk32.exe] C:\WINNT\system32\addbk32.exe
O4 - HKLM\..\RunOnce: [iewk32.exe] C:\WINNT\system32\iewk32.exe
O4 - HKLM\..\RunOnce: [apips.exe] C:\WINNT\system32\apips.exe
O4 - HKLM\..\RunOnce: [addlo32.exe] C:\WINNT\addlo32.exe
O4 - HKLM\..\RunOnce: [ipim32.exe] C:\WINNT\ipim32.exe
O4 - HKLM\..\RunOnce: [mfcil.exe] C:\WINNT\mfcil.exe
O4 - HKLM\..\RunOnce: [atluj32.exe] C:\WINNT\atluj32.exe
O4 - HKLM\..\RunOnce: [addwh.exe] C:\WINNT\addwh.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O8 - Extra context menu item: &Define - C:\WINNT\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINNT\Web\ERS_SRC.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINNT\Web\ERS_ENC.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'osmim.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.skoobidoo.com
O16 - DPF: Sametime Meeting Toolkit ST25 - file://C:\WINNT\Java\ControlF1\STMeeting25.cab
O16 - DPF: {10000000-1000-0000-1000-00} - file://C:\Program Files\Internet Explorer\kdkpzka.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} - http://www.silvercrk.com/downloaders/hwsolii.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20011217/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/18a4f39ade98be31ec06/netzip/RdxIE6.cab
O16 - DPF: {645D793B-33E2-4175-A7E1-BA490839358A} (DNL Control) - http://www.huntfly.com/media/MyFIDNL.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.roings.com/cabs/chedownzip.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll

LP

Anti-SpyWare: Spy Sweeper
Anti-Virus: Norton
Browser: IE
Firewall: Norton
OS: Windows XP


© Copyright 1998-2004 Newbie dot Org -- All rights reserved --