I have just read several other posts about this problem and it seems that each is unique, so I downloaded that HijackThis program to get a log file. I've also followed all the steps in "Read this before posting a HijackThis file", which at first appeared to fix the problem, but that didn't last long.
It seems I was attacked by Spytooper and SpyAxe, the latter being the one I'm really, really desperate to get rid of. After downloading all those programs recommended on this site, I'm no longer suffering from the hijacked home page problem, but I am still getting one of those pop-up speech bubbles from the start menu, 24/7, telling me either:
Your computer is infected! Dangerous malware infection was detected on your pc....etc
or
Security Alert! system encountered spyware that collects your personal information...etc
And I'm also getting a lot of rubbishy pop-ups telling me I have gay [bleep] sites in my history, which seem to just come from nowhere.
...I'm about ready to kill someone over this thing, I really am. Any help would be madly appreciated. Thank you very much for your time.
Logfile of HijackThis v1.99.1
Scan saved at 8:48:12 PM, on 12/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\asplkjk6.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iriver\iriver plus 2\iAgent2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjthis\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.une.edu.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.2:3128
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp7FDE.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [asplkjk6] C:\WINDOWS\system32\asplkjk6.exe
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [iPlusAgent2] "C:\Program Files\iriver\iriver plus 2\iAgent2.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105632234937
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
And here is also my ewido security report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:48:56 PM, 12/12/2005
+ Report-Checksum: 7DFF1FE3
+ Scan result:
C:\Documents and Settings\User1\Cookies\[email protected][3].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User1\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\User1\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\User1\Cookies\user1@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User1\Cookies\user1@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\User1\Cookies\user1@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\User1\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User1\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\User1\Cookies\user1@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\User1\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\User1\Local Settings\Temp\res257.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\User1\Local Settings\Temp\res2DA.tmp -> Spyware.180Solutions : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny [email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny vindin@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny [email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\oldhd\documents and settings\Jenny Vindin\Cookies\jenny [email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\oldhd\Program Files\FileSubmit\Fight Club\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
C:\oldhd\Program Files\MyWay\myBar\2.bin\MY2NS.EXE -> Spyware.MyWay : Cleaned with backup
C:\oldhd\Program Files\MyWay\myBar\2.bin\MYBAR.DLL -> Spyware.MyWay : Cleaned with backup
C:\oldhd\Program Files\MyWay\myBar\2.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup
C:\WINDOWS\system32\hp8099.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\hp80C8.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\hp81F1.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\hp8230.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\hp8712.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\hp8A1F.tmp -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Downloader.Zlob.co : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__hp7FDE.tmp -> Downloader.Zlob.co : Cleaned with backup
::Report End
Thanks again!!!
Edited by cziffra, 12 December 2005 - 06:17 PM.