Registered User
Join Date: Dec 2006
Posts: 16
OS: Windows xp
search hijacker
Hello everyone, I'm having a hell of a game with a search hijacker on my system. Basically, what is happening is I search for something on Google, and when I click the link I get sent to other random sites such as 10.top.com, monstermarketplace.com, camoflaugeclothingonline.net, and that's just to name a few. Here is my HijackThis log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:57:01, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Gravity\RagnarokOnline\ragexe.exe
C:\Program Files\Gravity\Endow & Vend\ragexe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamie\Desktop\Spyware removers\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/downloads/d...7-034d1e7cf3a3
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

--
End of file - 8904 bytes

Process list saved on 20:15:07, on 04/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
732 C:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
780 C:\WINDOWS\system32\csrss.exe 5.1.2600.2180 Microsoft Corporation
812 C:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
856 C:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
868 C:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1052 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4162 ATI Technologies Inc.
1072 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1132 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1264 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1340 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1432 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4162 ATI Technologies Inc.
1588 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1868 C:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
1932 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
232 C:\WINDOWS\system32\Rundll32.exe 5.1.2600.2180 Microsoft Corporation
252 C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe 0.1.0.0 Netropa Corp.
272 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE 7.3.0.1113 Logitech Inc.
292 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe 1.4.2.0 Creative Technology Ltd
332 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe 7.5.0.460 GRISOFT, s.r.o.
344 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe 6.0.10.6 Sun Microsystems, Inc.
580 C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
592 C:\Program Files\Netropa\Onscreen Display\OSD.exe 0.2.0.2 Netropa Corp.
772 C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
884 C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe 7.5.0.453 GRISOFT, s.r.o.
1184 C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe 7.5.0.420 GRISOFT, s.r.o.
1208 C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe 7.5.0.460 GRISOFT, s.r.o.
1252 C:\WINDOWS\system32\CTsvcCDA.EXE 1.0.1.0 Creative Technology Ltd
1384 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe 7.0.9064.9150 Microsoft Corporation
1624 C:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
300 C:\WINDOWS\system32\wdfmgr.exe 5.2.3790.1230 Microsoft Corporation
2076 C:\WINDOWS\System32\alg.exe 5.1.2600.2180 Microsoft Corporation
2700 C:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1796 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
2860 C:\Program Files\MSN Messenger\msnmsgr.exe 8.1.178.0 Microsoft Corporation
3128 C:\Program Files\MSN Messenger\usnsvc.exe 8.1.178.0 Microsoft Corporation
3144 C:\Program Files\AIM6\aim6.exe 1.4.9.1 AOL LLC
3272 C:\Program Files\AIM6\aolsoftware.exe 1.5.6.1 America Online, Inc.
2132 C:\Program Files\Gravity\RagnarokOnline\ragexe.exe
3948 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1476 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
3712 C:\Program Files\SpywareGuard\sgmain.exe 2.2.0.1
2976 C:\Program Files\SpywareGuard\sgbhp.exe 2.2.0.1
4044 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
968 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
2224 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe 7.5.1.36 GRISOFT s.r.o.
428 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe 7.5.1.36 GRISOFT s.r.o.
3552 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
1288 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
3152 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
2004 C:\Documents and Settings\Jamie\Desktop\Spyware removers\HiJackThis_v2.exe 2.0.0.0 Trend Micro Inc.

If you need anything else please let me know :D

Last edited by Drakoan; 06-04-2007 at 01:15 PM.