I have had this problem for a day now and i cant fix it with anything. My homepage has been hijacked and there are lots of pop ups. I have identified some of the offending components (i think) but when i (or any adware/malware programs) try to delete them, they just come back a few seconds later. The option in internet options always reverts to "blank" but the page obviouisly is not blank it is some b*****ds rubbish search and links page. I am including the log file so if any one can give me any instructions or help i would very much appreciate that. Also i have gotten very confused during this whole thing over what some of the programs purport to do and how i can prevent this from happening in future, i am currently running microsoft antispyware, a case of closing the stable door after the horse has bolted. I would like the simplest solution to keeping the computer clean, preferably one program to manage internet security. Anyway, thanks for reading, if anyone can help or wants more information from me, please email.
L Dee
Logfile of HijackThis v1.99.1
Scan saved at 04:17:06, on 24/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\system32\LSSAS.EXE
C:\WINDOWS\system32\csrs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\msmsgr2.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pork\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {F6286FEF-0C72-409E-B374-6D9E1392D69B} - C:\WINDOWS\System32\nimm.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pork\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O18 - Filter: text/html - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O18 - Filter: text/plain - {6033BD43-B04A-4DE8-8B35-8F5FDB682287} - C:\WINDOWS\System32\nimm.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\System32\winmgnt.exe (file missing)
Edited by Ldee, 23 June 2005 - 09:42 PM.