Infected Can Some1 Help Me

  • This topic is locked
2 replies to this topic

#1 roniyako


  • Members
  • 2 posts
  • Local time:11:35 PM

Posted 13 October 2007 - 02:18 AM

my ie always goes to www.404dnspage.com

can sum1 help me with this please

this is my hijack log thingy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:19 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/warr-reg/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O2 - BHO: (no name) - {D579A683-0CC7-4023-BAE7-0544D0D1DA3A} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
O4 - HKLM\..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" -r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Online Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Online Video Add-on\isfmntr.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O20 - Winlogon Notify: PSUTY - C:\WINDOWS\SYSTEM32\PSUWNP.dll
O22 - SharedTaskScheduler: aldoa - {adf64b1b-c68c-4ce8-bb55-258b7b8b0f81} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod S


#2 amateur


    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:09:35 AM

Posted 25 October 2007 - 07:18 PM

Hello and welcome to BC. :thumbsup:

Sorry for the late response. This is a very badly infected system. I assume you must have received help elsewhere already. But, if you haven't, please post a fresh HijackThis log and I'll be happy to help you.

#3 amateur


    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female
  • Local time:09:35 AM

Posted 31 October 2007 - 05:10 PM

Due to lack of response, this thread will now be closed. If you need this topic reopened, please PM me with the address of the thread and we will reopen it for you. This applies only to the original topic starter. Everyone else please begin a New Topic.
