Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP!


  • Please log in to reply

#1
shamrockgrfx

shamrockgrfx

    Member

  • Member
  • PipPip
  • 17 posts
I have been hijacked.. When I sign on to hotmail... first a p*** window pops up and gives me info about accepting a call that my modem will make to some p*** site... and then I close it and then I get redirected to either something called "Horsefeed websearch" or to something called "Soft-trend.net" I have Posted my hijack this log below... I am more concerned about this dialer... also I saw something called "Kliksearch" one time as well.... Please Help.

Logfile of HijackThis v1.99.0
Scan saved at 5:45:28 PM, on 1/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\msjthare.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\DOCUME~1\BRIANS~2\LOCALS~1\Temp\tmp20.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\security\hijackthis2\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://soft-trend.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soft-trend.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://soft-trend.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://soft-trend.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://soft-trend.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://soft-trend.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://soft-trend.net
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: winupdate09812521[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{98F85159-7686-42BE-B0A5-A40B4A85A0AA}: NameServer = 69.50.166.94 69.31.80.244
O23 - Service: Adobe LM Service - Unknown - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NT Log Checker - Unknown - C:\WINDOWS\System32\msjthare.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements


#2
admin

admin

    Founder Geek

  • Administrator
  • 24,504 posts
How come you didn't apply Service Pack 2, or SpywareBlaster since the last time we helped you? Have you tried the suggestions here?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP