Re: hijackthis log
Hello:
My IE6 browser looks like it is being hijacked to this site:
hxxp://www.metacafe.com/watch/1017351/build_levitation_device/
hxxp://www.metacafe.com/watch/508368/how_to_cut_a_glass_bottle/
Thank you for your help.
DDS (Version 1.0) - NTFSx86
Run by MyPC at 20:12:57.65 on Mon 11/17/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.882 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\slpmonx.exe
c:\program files\timbuktu pro\tb2launch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\program files\timbuktu pro\minitb2.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Documents and Settings\KTMiller\Application Data\Adobe\Manager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\KTMiller\Desktop\dds.scr
============== Psuedo HJT Report ===============
uStart Page = hxxp://sympatico.msn.ca/
uInternet Settings,ProxyOverride = *.local
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {598F4775-6FB6-477B-9842-E0426824E077} - c:\docume~1\ktmiller\locals~1\temp\~DP3.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [<NO NAME>]
uRun: [ATI Remote Control] c:\program files\ati multimedia\remctrl\ATIRW.exe
uRun: [Run] "c:\documents and settings\ktmiller\application data\adobe\Manager.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SecurDisc] c:\program files\nero\nero 7\incd\NBHGui.exe
mRun: [InCD] c:\program files\nero\nero 7\incd\InCD.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [EPSON Stylus Photo R320 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB002" /M "Stylus Photo R320"
mRun: [HP Lamp] "c:\program files\hewlett-packard\hp precisionscan\precisionscan pro\hplamp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\ktmiller\startm~1\programs\startup\outloo~1.lnk - c:\program files\outlook express\msimn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: {93994DE8-8239-4655-B1D1-5F4E91300429} - c:\program files\dvd region+css free\DVDShell.dll
LSA: Authentication Packages = msv1_0 relog_ap
============= SERVICES / DRIVERS ===============
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys
=============== Created Last 30 ================
2008-11-17 20:06 250 a------- c:\windows\gmer.ini
2008-11-15 02:28 87,608 a------- c:\docume~1\ktmiller\applic~1\inst.exe
2008-11-15 02:28 <DIR> --d----- c:\program files\DVDFab 5
2008-11-15 01:59 <DIR> --d----- c:\docume~1\ktmiller\applic~1\1ClickDVDCopy
2008-11-15 01:57 81,920 a------- c:\docume~1\ktmiller\applic~1\ezpinst.exe
2008-11-15 01:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2008-11-15 01:57 47,360 a------- c:\docume~1\ktmiller\applic~1\pcouffin.sys
2008-11-15 01:57 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Vso
2008-11-15 01:57 <DIR> --d----- c:\program files\LG Software Innovations
2008-11-11 23:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-09 08:54 1,725 a---h--- C:\hpothb07.tif
2008-11-09 08:54 910 a---h--- C:\hpothb07.dat
2008-11-03 23:03 37,027 a------- c:\windows\atmoUn.exe
2008-11-03 23:03 <DIR> --d----- c:\program files\Viewpoint
2008-11-03 23:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-10-29 16:32 <DIR> --d----- C:\USMT
==================== Find3M ====================
2008-11-15 02:40 <DIR> --d----- c:\program files\DVD Region+CSS Free
2008-11-15 02:31 <DIR> --d----- c:\program files\Symantec AntiVirus
2008-10-29 16:31 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Tunebite
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-27 15:30 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories Photo Center
2008-09-17 19:48 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Saba
2008-09-17 19:41 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Centra
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-13 23:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2008-09-13 22:17 <DIR> --d----- c:\docume~1\ktmiller\applic~1\.ABC
2008-09-11 22:07 <DIR> --d----- c:\docume~1\ktmiller\applic~1\Creative Memories
2008-09-11 22:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative Memories
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-05 16:58 59,580 a------- c:\windows\system32\unins000.dat
2008-09-05 16:57 695,834 a------- c:\windows\system32\unins000.exe
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-09-03 16:41 119,296 a------- c:\windows\system32\libmpeg2_ff.dll
2008-09-03 16:35 3,571,712 a------- c:\windows\system32\libavcodec.dll
2008-08-30 13:24 695,808 a------- c:\windows\system32\ff_x264.dll
2008-08-26 14:11 987,136 a------- c:\windows\system32\VSFilter.dll
2008-08-23 16:24 178,176 a------- c:\windows\system32\ff_theora.dll
2008-08-20 00:30 666,112 a------- c:\windows\system32\wininet.dll
2008-08-12 14:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\LightScribe
2008-08-10 21:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ATI MMC
2008-08-10 15:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2008-08-10 14:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
============= FINISH: 20:13:10.31 ===============