My Firefox browser is getting hijacked every so often and being taken to www.scanner.malware-scan.com. I've just run HijackThis and have included my log. Any help with this would be appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 8:44:24 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.exe
C:\Program Files\ACT\ACT for Windows\Act.Scheduler.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe
C:\WINDOWS\RTHDCPL.EXE
E:\Adobe Photoshop Lightroom 1.2\apdproxy.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Exodus\Exodus.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [ACTSchedulerUI] "C:\Program Files\ACT\ACT for Windows\Act.Scheduler.UI.exe" -Dfalse
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ACTSyncServiceUI] "C:\Program Files\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.UI.exe" -Dfalse
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Adobe Photoshop Lightroom 1.2\apdproxy.exe"
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Exodus] C:\Program Files\Exodus\Exodus.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: HP Instant Printing Plugin - http://www.designjet.hp.com/instant_printing/plugin/hpwinstall.cab?version=2.0
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {83229950-AD1D-4B94-8304-F56E95AFACF7} (Surgient URA Remote Desktop Client) - https://mscrm.demoservers.com/proxy/srdp.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} (NetCamPlayerWeb11gv2 Control) - http://72.166.31.115/NetCamPlayerWeb11gv2.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = beeline.beelineandblue.com
O17 - HKLM\Software\..\Telephony: DomainName = beeline.beelineandblue.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C49A0E0-012D-41F2-A54B-CBDDCA2D4185}: NameServer = 72.166.31.91,72.166.31.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F5ADE1F-1872-4E61-9EA1-A4FAF3BDE3C9}: NameServer = 72.166.31.91,72.166.31.92,65.127.251.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = beeline.beelineandblue.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = beeline.beelineandblue.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = beeline.beelineandblue.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ACT! Network Sync Service - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Windows\ACT Network Sync\Act.Framework.Synchronization.Service.exe
O23 - Service: ACT! Scheduler - Sage Software SB, Inc - C:\Program Files\ACT\ACT for Windows\Act.Scheduler.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DFS Remote Message Processor (DFSMESSAGEPROC) - Adenium Systems - C:\Program Files\Adenium Systems\DFS Local Applications\DFSMessageProcessor.exe
O23 - Service: DFS Notification Processor (DFSNOTIFICATIONPROC) - Adenium Systems - C:\Program Files\Adenium Systems\DFS Local Applications\DFSNotificationProcessor.exe
O23 - Service: DFS Order PreProcessor (DFSORDERPREPROC) - Adenium Systems - C:\Program Files\Adenium Systems\DFS Local Applications\DFSOrderPreProcessor.exe
O23 - Service: DFS Remote File Transfer Manager (DFSREMOTEFILEPROC) - Adenium Systems - C:\Program Files\Adenium Systems\DFS Local Applications\DFSRemoteFileProcessor.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: 3-Heights(TM) Image to PDF Converter Service (Img2PdfSvr) - Unknown owner - C:\I2PR160PreWIN32Eval\bin\Img2PdfSvr.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)