Results 1 to 4 of 4

Thread: I've been hijacked

  1. #1
    SG Enthusiast Think's Avatar
    Join Date
    Sep 2001
    Posts
    2,283

    I've been hijacked

    I posted the strange scenario in another area but I'm pretty sure that it's some sort of malicious problem in the system.

    What't happening

    1) On occasion, the google homepage will turn to a French language preference without my permission

    2) I cannot change from google.ca to google.com with either Firefox or IE7.0 in preference. It shows google.com but defaults back to google.ca.

    Running processes:
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files (x86)\Raxco\PerfectDisk\PDEngine.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\GhostWall\ghostwall.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Logitech\G-series Software\Applets\LCDMedia.exe
    C:\Program Files (x86)\Acronis\TrueImageServer\TrueImageMonitor.exe
    C:\Program Files (x86)\Acronis\TrueImageServer\TimounterMonitor.exe
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
    C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
    C:\Program Files (x86)\Google\Web Accelerator\googlewebaccclient.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~2\SYMANT~1\VPTray.exe
    C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe
    C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\cli.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageServer\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageServer\TimounterMonitor.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files (x86)\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~2\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files (x86)\Common Files\Logitech\LComMgr\LVComSX.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files (x86)\Google\Web Accelerator\GoogleWebAccWarden.exe
    O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://epass.toronto.ca/vdesk/cache...0,0,61026,1952
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119w.bay119.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158646104406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~2\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2saag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files (x86)\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files (x86)\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIb\RpcSandraSrv.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files (x86)\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    Ran CCleaner, Ran Adaware, ran search and destroy, ran LSPfix.exe
    got old



  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,943
    Quote Originally Posted by Think View Post
    Ran CCleaner, Ran Adaware, ran search and destroy, ran LSPfix.exe
    Give SuperAntispyware a shot....
    www.superantispyware.com

    I've been using a LOT lately..a permanent addition to my USB bag of tricks. I find it FAR better than old Spybot and Adaware. Matter of fact it's the first thing I run now (after CCleaner).

    It also has a browser protection feature to prevent unwanted browser home page jacks. Run a thorough scan with it.

    I'd also scan with a good antivirus product or two...get a second and third opinion there.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Writing is life. holokaustos's Avatar
    Join Date
    Dec 2006
    Location
    Michigan...Wolverine Country!
    Posts
    206
    Quote Originally Posted by YeOldeStonecat View Post
    I find it FAR better than old Spybot and Adaware.
    You're saying that Spybot is no longer any good???
    Quote Originally Posted by YARDofSTUF View Post
    I got double my money cuz holokuasusususatsos quoted me too...
    Destroy racism Protect Net Neutrality

  4. #4
    Dr Tweak mnosteele52's Avatar
    Join Date
    Jul 2001
    Location
    Chesapeake, VA
    Posts
    11,912
    Quote Originally Posted by holokaustos View Post
    You're saying that Spybot is no longer any good???
    No, he's just saying it's better, and I agree. It's by far the best freebie out there, but SpyBot still offers the immunization feature and has weekly updates with good detection rates. They are all free so why not use them all.


Similar Threads

  1. I need help with hijacked system
    By Sid in forum General Discussion Board
    Replies: 0
    Last Post: 12-01-05, 11:06 PM
  2. My laptop's been hijacked - please help!
    By bigpicture in forum Network Security
    Replies: 1
    Last Post: 11-25-05, 01:05 PM
  3. What can i do
    By Blingz in forum Software Forum
    Replies: 49
    Last Post: 11-16-05, 06:34 AM
  4. Computer slows down over night
    By Shredhead in forum General Discussion Board
    Replies: 38
    Last Post: 02-06-05, 09:37 PM
  5. I've been hijacked
    By Chris in forum Distributed Computing
    Replies: 1
    Last Post: 02-01-05, 12:21 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •