1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

who hijacks?

Discussion in 'Virus & Other Malware Removal' started by Cora, Oct 3, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. Cora

    Cora Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    91
    I got a "hijacker" stamped file when I ran Spybot, anti-spy ware. I deleted the back up without really reading it, not thinking. But then I wondered do marketing companies mainly hijack a computer or do twisted individuals? I know individuals do too, but I thought maybe companies do a lot too. Just curious whose been messing around with my computer.
     
  2. Cora

    Cora Thread Starter

    Joined:
    Sep 12, 2003
    Messages:
    91
    I forgot to mention, all my other files but one was "spyware" and one was a "hijacker", hence my question.
     
  3. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
  4. my my me me

    my my me me

    Joined:
    Oct 4, 2003
    Messages:
    2
    Logfile of HijackThis v1.97.2
    Scan saved at 7:44:47 AM, on 10/4/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMMONSEARCH\VCATCH\VCATCH.EXE
    C:\PROGRAM FILES\POPUP & PRIVACY DEFENDER FOR IE\PDIE.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
    C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\77KM7PM2\HIJACKTHIS[1]\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - HKCU\..\Run: [VCatch] C:\PROGRAM FILES\COMMONSEARCH\VCATCH\VCATCH.EXE
    O4 - HKCU\..\Run: [Popup & Privacy Defender for IE] "C:\PROGRAM FILES\POPUP & PRIVACY DEFENDER FOR IE\PDIE.EXE" Minimize
    O4 - Startup: AMERICA ONLINE 7.0 TRAY ICON.LNK = C:\Program Files\America Online 7.0\aoltray.exe
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: P&&PDIE (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37883.5581134259
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: Yahoo! Pinochle - http://O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/gamedownload.games.yahoo.com/games/clients/y/ut2_x.cab
    O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
    s/clients/y/nt1_x.cab
     
  5. my my me me

    my my me me

    Joined:
    Oct 4, 2003
    Messages:
    2
    Can anyone tell me how people cheat in Pogo games? They do things <jrm> or asterik marks when they say rain. I'd like to know how they stayout of the rain too. Which is what they call it when someone with a Boxxxxxxxx does locates a person and they always seem to know no mater how much they change their name.
     
  6. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    my my me me...................your log is clean.......are you having problems?

    no idea about your 2nd question.

    ;)
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/169394

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice