Re: HijackThisLog Analysis - Bobbing

You may want to take a closer look at...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.free-popup-killer.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??rd.yahoo.com/customize/ymsgr/defaults/*http:??my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:??rd.yahoo.com/customize/ymsgr/defaults/su/*http:??www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:??www.free-popup-killer.com/ie/?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system\SEARCH~1.DLL

O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {E7F89C28-2A82-9DBB-AD0B-3516C280F3C3} - (no file)

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm

O9 - Extra button: Erotic (HKLM)

O16 - DPF: Video Poker - http:??download.games.yahoo.com/games/clients/y/vps1_x.cab
O16 - DPF: Yahoo! Bingo - http:??download.yahoo.com/games/clients/y/xs1_x.cab
O16 - DPF: Yahoo! Chat - http:??cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http:??download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Dots - http:??download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http:??download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Literati - http:??download.yahoo.com/games/clients/y/ts0_x.cab
O16 - DPF: Yahoo! Pool 2 - http:??download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spelldown - http:??download.yahoo.com/games/clients/y/sds0_x.cab
O16 - DPF: Yahoo! Word Racer - http:??download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http:??www.pollg.com/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http:??www.memolink.com/CFIDE/classes/CFJava.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540002} (CInstall Class) - http:??www.wildtangent.com/webdrivers/webinstall/shockwave/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http:??download.weatherbug.com/minibug/ tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http:??webpdp.gator.com/v3/download/pdpplugin_4094_hd3ptdm.cab
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987501} - http:??195.57.118.137/01/cabs/@sexygomx.cab
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987503} - http:??195.57.118.137/03/cabs/topcorridases.cab
O16 - DPF: {8E65B894-C2E9-11D5-BCD3-00E018987509} - http:??09.sharedsource.org/cabs/videos_xxxus.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http:??www.cavello.com/dialxs/plugins/d/100/010/nl.exe
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http:??webpdp.gator.com/v3/download/pdpplugin5094_hd3ptdmgainads.cab

Original log but with private information removed.
Logfile of HijackThis v1.97.7
Scan saved at 10:38:11 PM, on 7-5-04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\regsvc32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Pulse\Pulse.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AIM95\aim.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\MYIE2\MyIE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.free-popup-killer.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http:??www.free-popup-killer.com/ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:??rd.yahoo.com/customize/ymsgr/defaults/*http:??my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http:??rd.yahoo.com/customize/ymsgr/defaults/su/*http:??www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http:??www.free-popup-killer.com/ie/?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: SrchHook Class - {F08555B0-9CC3-11D2-AA8E-000000000000} - C:\WINDOWS\system\SEARCH~1.DLL
O1 - Hosts: 216.40.230.4 desktop.kazaa.com
O1 - Hosts: 216.40.230.4 alpha.kazaa.com
O1 - Hosts: 216.40.230.4 shop.kazaa.com
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {E7F89C28-2A82-9DBB-AD0B-3516C280F3C3} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WebInstall2] C:\DOCUME~1\Ashley\LOCALS~1\Temp\ins72.tmp /R /A
O4 - HKLM\..\Run: [regsvc32] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [Antivirus] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [MSRegSvc] C:\WINDOWS\System32\regsvc32.exe
O4 - HKLM\..\Run: [REWARDS NETWORK] C:\Program Files\Rewards Network\brntray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Ashley\My Documents\ downloaded programs-files\framxpro\FreeRAM XP Pro 1.31.exe" -win
O4 - HKCU\..\Run: [Pulse] C:\Program Files\Pulse\Pulse.exe -splash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res:??C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorerhtm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Erotic (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: SWFDecompiler (HKLM)
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O16 - DPF: Video Poker - http:??download.games.yahoo.com/games/clients/y/vps1_x.cab
O16 - DPF: Yahoo! Bingo - http:??download.yahoo.com/games/clients/y/xs1_x.cab
O16 - DPF: Yahoo! Chat - http:??cs5.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http:??download.games.yahoo.com/games/clients/y/dot2_x.cab
O16 - DPF: Yahoo! Dots - http:??download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Go Fish - http:??download.games.yahoo.com/games/clients/y/zt0_x.cab
O16 - DPF: Yahoo! Literati - http:??download.yahoo.com/games/clients/y/ts0_x.cab
O16 - DPF: Yahoo! Pool 2 - http:??download.games.yahoo.com/games/clients/y/potb_x.cab
O16 - DPF: Yahoo! Spelldown - http:??download.yahoo.com/games/clients/y/sds0_x.cab
O16 - DPF: Yahoo! Word Racer - http:??download.games.yahoo.com/games/clients/y/wt0_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http:??www.pollg.com/central/02030106/cccabs/CleverContent.cab