Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked IE Homepage and IE tries to connect to www.alphase.net

Started by murphy_man , Jul 19 2007 06:34 AM

  • Please log in to reply

#1
murphy_man
Posted 19 July 2007 - 06:34 AM

murphy_man

    New Member

  • Member
  • Pip
  • 1 posts
Hi All,

I have recently had issues beginning with a virus infection and a buch of spyware etc.. appearing on my pc. I solved all but 2 issues, they are:

1) when I start up either IE or windows explorer my homepage is changed (although blocked now by superantispyware) from my usual homepage to http://www.google.com

2) after using IE for a minute or so I get another alert to say that IE is attempting to connect to the website www.alphase.net (again i deny this request through my security program)

I have followed the instructions on http://www.geekstogo...-Log-t2852.html which got rid of all the other bad stuff, now all thats left is the 2 issues above. All the different spyware/virus checkers can find no other infections on my pc but there is obviously still something hanging around.

Thanks in advance for any help anyone can give.


The hijackthis log and uninstall log is attached:


Logfile of HijackThis v1.99.1
Scan saved at 10:22:09 PM, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
C:\Program Files\Optus Internet Security Suite\Common\FSMB32.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Optus Internet Security Suite\Common\FCH32.EXE
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Optus Internet Security Suite\Common\FAMEH32.EXE
C:\Program Files\Optus Internet Security Suite\FSPC\fspc.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsrw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE
C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\OPTUSI~1\ANTI-S~1\fsaw.exe
C:\Program Files\Optus Internet Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optus.com.au
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259D72EE-599C-4B56-829C-936F003BE91F} - c:\windows\system32\odkaodk.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {4AC8C966-8AA7-48F2-826C-AB0913134422} - C:\WINDOWS\system32\cnvfa.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ECF23D2B-B81A-40C0-BE7E-B23FBF7B53D2} - c:\windows\system32\sznstcff.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Optus Internet Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Optus Internet Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Optus Internet Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Optus Internet Security Suite.lnk = C:\Program Files\Optus Internet Security Suite\backweb\5543390\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Optus Internet Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Optus Internet Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw...nt/iftwclix.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1184845991125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1184671735750
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: kuvkaiwm - C:\WINDOWS\SYSTEM32\odkaodk.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Optus Internet Security Suite (BackWeb Plug-in - 5543390) - Singtel Optus - C:\PROGRA~1\OPTUSI~1\backweb\5543390\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Optus Internet Security Suite\backweb\5543390\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Optus Internet Security Suite\Common\FSMA32.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe




UNINSTALL LOG
===========

AC3Filter (remove only)
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Premiere Pro 1.5
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
Cakewalk VST Adapter 4
Citrix Presentation Server Client - Web Only
Citrix Web Client
DAEMON Tools
DivX Codec
DivX Content Uploader
DivX Player
DivX Web Player
EA.com Update
e-tax 2005
e-tax 2006
e-tax 2007
e-tax Medicare Tax Statement online 2006
FL Studio 5
FlashGet 1.8.8.1010
Guitar Tracks Pro 3
Hijackthis 1.99.1
HijackThis 1.99.1
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
iriver plus 2 (remove only)
i-Speeder
Microsoft .NET Framework 1.1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Mozilla Firefox (2.0.0.5)
MSI Live Update 3
Nero Suite
OpenMG Limited Patch 4.1-05-13-31-01
OpenMG Secure Module 4.1.00
Optus Internet Security Suite
Panda ActiveScan
Pinnacle Hollywood FX for Studio
Power Tab Editor 1.7
Quicken 2005
QuickTime
Shockwave
SmartSound Quicktracks Plugin
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy 1.4
Studio 9
Studio 9.3 Patch
SUPERAntiSpyware Free Edition
SwannSmart IIx PCI Modem
The Bank Statement Checker (Homeloan)
The Rosetta Stone
Ulead Data-Add 2.0
Ulead DVD MovieFactory 4.0 Suite
Update for Windows XP (KB898461)
WinAce Archiver 2.0
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 2
WinRAR archiver
X-Lite 3.0
X-Lite 3.0
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP