Ok, I know you people use HJT a lot, and so I'll post my findings if I can figure it out. It is very clear what it is seeing, as it says that my browser has been hijacked, but I cannot get rid of it with Ad-Aware, HJT, Spybot S&D! It won't leave!!! This all started when I logged onto ICQ and a user messaged me and I by accident hit the link thinking it was a buddy. All sorts of stuff popped up and that's where I got it from, I'm sure. Here's the log...
________________________________________________
Logfile of HijackThis v1.98.2
Scan saved at 3:38:49 PM, on 4/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\d3gb.exe
C:\WINDOWS\system32\sdkdy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {AC152C0C-381B-A230-6B29-1A23741F4A9A} - C:\WINDOWS\iphq.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sdkdy.exe] C:\WINDOWS\system32\sdkdy.exe
O4 - HKLM\..\RunOnce: [d3gb.exe] C:\WINDOWS\system32\d3gb.exe
O4 - HKLM\..\RunOnce: [javatj.exe] C:\WINDOWS\system32\javatj.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
ALSO MY CWShredder report
_______________________________________
**** Run Keys ****
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [sdkdy.exe] C:\WINDOWS\system32\sdkdy.exe
**** Browser Helper Objects ****
BHO: [] C:\WINDOWS\iphq.dll
**** IE Toolbars ****
**** IE Extensions ****
IEExt: [AIM] C:\Program Files\AIM\aim.exe
**** Hosts File Entries ****
**** IE Settings ****
Default Page: about:blank
Default Search: res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar: res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
Search Page: res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
**** IE Context Menu (Right click) ****
**** Layered Service Providers ****
LSP: New.net UDP Chain
LSP: New.net TCP Chain
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04AB3FD8-82D6-4496-83B8-E29781981398}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{04AB3FD8-82D6-4496-83B8-E29781981398}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BE38D87-3E16-448E-A2C3-1E1184C85366}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8BE38D87-3E16-448E-A2C3-1E1184C85366}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71E3D822-0D57-4E63-B294-0C0857174C19}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{71E3D822-0D57-4E63-B294-0C0857174C19}] DATAGRAM 2
**** Blocked Control Panel Items ****
BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
**** Downloaded Program Files ****
DirectAnimation Java Classes [file://C:\WINDOWS\Java\classes\dajava.cab]
Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{33564D57-0000-0010-8000-00AA00389B71} [http://download.microsoft.com/downlo...2/wmv9VCM.CAB]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [http://fpdownload.macromedia.com/get...ultrashim.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/s...h/swflash.cab]
**** Windows Services ****
[ 11Fßä#·ºÄÖ`I] C:\WINDOWS\sysbh32.exe /s
[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{12623957-E2B1-4E4C-8AB9-2B2AB140F9A9}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\System32\wdfmgr.exe
[uploadmgr] %SystemRoot%\System32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
**** Custom IE Search Items ****
SEARCH: [SearchAssistant] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
**** Complete IE Options ****
IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Use Search Asst] no
IEOPT: [Default_Page_URL] about:blank
IEOPT: [Default_Search_URL] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
IEOPT: [Search Page] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392
IEOPT: [Search Bar] res://C:\WINDOWS\system32\psbhf.dll/sp.html#60392