Jump to content


Hijacked by bravenet-clik.to/wolfman

  • Please log in to reply
3 replies to this topic

#1 Xayla



  • New Member
  • Pip
  • 3 posts

Posted 27 June 2004 - 12:50 PM

I have tried many, many things. Used Spybot, Ad-Aware, Zerospyware, CW Shredder and a2, as well as my anti-virus program. I downloaded Hijack This, but haven't used it yet, as I don't want to remove something I need.

I reinstalled Windows XP, and started using Mozilla's Firefox browser (read that hijacking couldn't happen with that browser!) Even that didn't work.

I contacted Bravenet & asked them to remove whatever was causing the problem and they denied having done anything.

When this happens, I get an error message that the URL is not found. I get a 404 message. This has happened at different sites & I have not seen a pattern yet. It has interrupted games, shopping, searches. I can usually use my browser back button to go back, but not when I'm on a secure site. Then I have to close everything and re-open the browser & re-enter my info.

I can make a Hjack This log available upon request.

Thanks in advance to anyone who can help!

#2 cnm


    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 27 June 2004 - 01:50 PM

Make sure your Spybot Sd rev 1.3 and your Ad-Aware are fully updated. Important Ad-Aware update yesterday. Run again with latest update.

Then please do this.
Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here

#3 Xayla



  • New Member
  • Pip
  • 3 posts

Posted 27 June 2004 - 01:53 PM

Thank you. I just downloaded those other programs & updated Spybot just yesterday. Should I check for updates again?

Logfile of HijackThis v1.97.7
Scan saved at 11:49:43 AM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\FSI\F-Prot\F-Sched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FSI\F-Prot\F-StopW.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mary\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: (no name) - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - (no file)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1424.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [PC-CAM 350 STI App Registration] RunDLL32.exe P1060pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ZeroSpyware Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\ZeroSpyware Lite.exe" -STARTUP
O4 - HKCU\..\Run: [NetGuard Lite] "C:\Program Files\FBM Software\ZeroSpyware Lite\NetGuard Lite.exe" -STARTUP
O4 - HKLM\..\RunOnce: [SpyBotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [Ad-aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe" "+b1"
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Runner.LNK = C:\Program Files\Kine\Runner.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Ali Baba Slots TM by pogo - http://temp35.pogo.c...a-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo.com - http://slots02.pogo....a-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play17.pogo.c...l-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Backgammon by pogo.com - http://backgammon05....n-ob-assets.cab
O16 - DPF: Big Shot Roulette TM by pogo - http://roulet.pogo.c...e-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.c...k-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Checkers by pogo.com - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Command & Conquer Generals Comanche Strike by pogo.com - http://ccstrike.pogo...e-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Dice Derby by pogo.com - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.c...o-ob-assets.cab
O16 - DPF: Dominoes by pogo.com - http://temp22.pogo.c...o-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.p...e-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo.com - http://doublebonus.p...e-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire44.p...2-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo.com - http://solitaire44.p...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo.com - http://greenback.pog...k-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo - http://pool02.pogo.c...l-ob-assets.cab
O16 - DPF: Hammerhead Pool by pogo.com - http://pool12.pogo.c...l-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.c...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://drawpoker.pog...r-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo.com - http://hspoker04.pog...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool2.pogo.co...l-ob-assets.cab
O16 - DPF: Jackpot Bingo by pogo.com - http://bingoj03.pogo...j-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://temp91.pogo.c...d-ob-assets.cab
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Jungle Gin by pogo.com - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Keno by pogo.com - http://keno.pogo.com...o-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo.com - http://freecell.pogo...l-ob-assets.cab
O16 - DPF: Pebble Beach Golf by pogo - http://pebble.pogo.c...e-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks11....d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit26.pogo...t-ob-assets.cab
O16 - DPF: Poppit! TM by pogo.com - http://temp35.pogo.c...t-ob-assets.cab
O16 - DPF: Quick Shot by pogo.com - http://quickshot01.p...t-ob-assets.cab
O16 - DPF: SciFi Slots by pogo - http://temp91.pogo.c...i-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: Showbiz Slots 2 by pogo.com - http://showbiz2.pogo...2-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo.com - http://showbiz.pogo....z-ob-assets.cab
O16 - DPF: Spades by pogo - http://spades.pogo.c...s-ob-assets.cab
O16 - DPF: Spades by pogo.com - http://spades07.pogo...s-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Squelchies by pogo.com - http://squelchies.po...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://solitaire31.p...h-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo.com - http://sweet04.pogo....h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo....l-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.co...s-ob-assets.cab
O16 - DPF: Triviatron II by pogo - http://triviatron2.p...2-ob-assets.cab
O16 - DPF: Triviatron II by pogo.com - http://triviatron2.p...2-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Tumble Bees by pogo.com - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo14.pogo....1-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo.com - http://turbo08.pogo....1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker02.pogo...r-ob-assets.cab
O16 - DPF: Video Poker by pogo.com - http://vpoker05.pogo...r-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp by pogo.com - http://whomp.pogo.co...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.po...n-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo.com - http://whackdown.pog...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo...s-ob-assets.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct2_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst3_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activewor...ldsDownload.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com...ia/OTXMedia.dll
O16 - DPF: {65683480-5699-11D4-9D2C-525400E80BD5} (GlobFXCtl Class) - http://www.globfx.co...ayer/globfx.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.webs...38/QDow_AS2.cab
O16 - DPF: {91602283-B7B5-11D3-A32A-005004B0E00E} (DiscoverWhy Class) -
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8140.3228819444
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com...tivex/MISBH.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{476D9B97-7B8C-4229-9EA8-00FFAE8A8645}: NameServer =

#4 Xayla



  • New Member
  • Pip
  • 3 posts

Posted 29 June 2004 - 02:19 PM

Hi! I checked updates on all my spyware again yesterday & reran 4 of them. Nothing has helped so far & the hijack keeps happening (going into week 3 on this). I'm still trying to run down things that might help, but if anyone in here has any ideas, I would greatly appreciate them. I've given up trying to play games on here as I get interrupted & lose the site. Other than searches, I'm afraid to shop or go to my banking site.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button