-
My Browser was Hijacked
Hi, I hope someone can help me. I have a Hijacker that just keeps coming back. It happens with Internet Explorer and Firefox…but more with IE. Here are a few sites that are coming up…
w ww.wallst.net
w ww.setthetrend.com
w ww.commercialloansolutions.net
Also my cookie setting is always changing back to “Accept all Cookies”
After following your instructions here are my results..
You have no idea how much I appreciate what you are doing …Thank you!!!!
Kaspersky Text File:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 12, 2008 10:21:35 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/01/2008
Kaspersky Anti-Virus database records: 508736
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
H:\
T:\
Scan Statistics:
Total number of scanned objects: 85535
Number of viruses found: 4
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 00:59:26
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_RI001SU-DBY1E.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_RI001SU-DBY1E.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080111_Time-164406375_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080111_Time-164406375_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\RI001SU\Application Data\Microsoft\Templates\Live Meeting Toolbar Cusomizations.dot Object is locked skipped
C:\Documents and Settings\RI001SU\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\RI001SU\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DF23AE.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DF248A.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DF7E35.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DF7E53.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DFDA.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~DFFB71.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~WRD0003.doc Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temp\~WRF0002.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\RI001SU\My Documents\interwise\participant\Logs\PLLog9.log Object is locked skipped
C:\Documents and Settings\RI001SU\My Documents\sites.doc Object is locked skipped
C:\Documents and Settings\RI001SU\My Documents\~WRL1025.tmp Object is locked skipped
C:\Documents and Settings\RI001SU\ntuser.dat Object is locked skipped
C:\Documents and Settings\RI001SU\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BigFix Enterprise\BES Client\__BESData\__Global\Logs\20080112.log Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\PALMAPP.DOT Object is locked skipped
C:\Program Files\Network Associates\System Compliance Profiler\PtchScan.log Object is locked skipped
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\Program Files\Novadigm\Log\radexecd.log Object is locked skipped
C:\Program Files\Novadigm\Log\radsched.log Object is locked skipped
C:\Program Files\Novadigm\Log\radstgms.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP122\A0072508.exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP122\A0072508.exe/file3 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP122\A0072508.exe Inno: infected - 2 skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP122\A0072512.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP134\A0075751.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{B902E4F9-4EA6-4060-8AFF-1C7C775FF910}\RP134\change.log Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\Netlogon.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\IE7_main.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\drivers\fidbox.dat Object is locked skipped
C:\WINNT\system32\drivers\fidbox.idx Object is locked skipped
C:\WINNT\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINNT\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\system32\jkkjj.dll Infected: Virus.Win32.Trats.c skipped
C:\WINNT\system32\jkkjj.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.cli skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
Scan process completed.
Hijackthis LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:11 AM, on 01/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\nslsvice.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\WINNT\SYSTEM32\DWRCS.EXE
C:\WINNT\system32\enstart.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\notes\ntmulti.exe
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\wuauclt.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Interwise\Participant\pull.exe
C:\Program Files\WallData\SYSTEM\BrskStrt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pitbowa/hod/HODCached.html
F3 - REG:win.ini: load=C:\WINNT\system32\jkkjj.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - Global Startup: AT&T Global Network Client Monitor.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Push Client.LNK = C:\Program Files\Interwise\Participant\pull.exe
O4 - Global Startup: RUMBA Lightning.lnk = C:\Program Files\WallData\SYSTEM\BrskStrt.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.pbi.global.pvt
O15 - Trusted Zone: *.pb.com
O15 - Trusted Zone: *.pitneybowes.ca
O15 - Trusted IP range: 161.228.211.79
O16 - DPF: MATCastInstaller - http://www.matcast.net/NewMATCastInstaller.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://notesshecl1.pb.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1187981573285
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://attwm.webex.com/client/v_myw...ex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\Software\..\Telephony: DomainName = pbi.global.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pbi.global.pvt,ct.pb.com,nw.pb.com,pitneybowes.ca,g1.com,pb.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = pbi.global.pvt
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = pbi.global.pvt,ct.pb.com,nw.pb.com,pitneybowes.ca,g1.com,pb.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pbi.global.pvt,ct.pb.com,nw.pb.com,pitneybowes.ca,g1.com,pb.com
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: BES Client (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINNT\SYSTEM32\DWRCS.EXE
O23 - Service: enstart - Unknown owner - C:\WINNT\system32\enstart.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lotus Notes Single Logon - Unknown owner - C:\WINNT\system32\nslsvice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - Unknown owner - C:\Program Files\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8477 bytes
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
