Browser Has Been Hijacked And Spybot Adaware Does Not Help!



#1 nekster

Posted 15 March 2006 - 01:20 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:23:14, on 2006-3-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Kingsoft\XDict\XDICT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\spyware\adwarespyware\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe nmgamex.dll,LiveProcess /aa
O4 - HKLM\..\Run: [dddclient] "C:\Program Files\DuDu\DddClient\DuDuAcc.exe" /m0
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe C:\WINDOWS\System32\hookdll.dll,ExecFilter solo
O4 - HKLM\..\Run: [3721] C:\$NtUninstallQ5926809$\a3721.bat
O4 - HKLM\..\Run: [cncrack] http://lhcsh.com
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: IE-BAR.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: 金山词霸 2002.lnk = C:\Program Files\Kingsoft\XDict\XDICT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: ★ Sooe创业投资指南 ★ - http://www.sooe.cn/shortcut/shortcutIe.asp
O8 - Extra context menu item: 收藏此页到ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=ddt
O8 - Extra context menu item: 新浪搜索 - http://cha.sina.com.cn/ddt.html
O9 - Extra button: 搜易网 - {0C70DDB5-C059-4FDC-9C86-08DDB82B2056} - http://www.sooe.cn/shortcut/shortcut.asp (file missing)
O9 - Extra button: 卓越 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/errn200...erInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/activex/EPUWA...l_v1-0-3-18.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sinopec.com.sg
O17 - HKLM\Software\..\Telephony: DomainName = sinopec.com.sg
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD98D2FB-556C-46F9-8C60-A81FA2138A0E}: NameServer = 192.168.10.2,165.21.83.88,165.21.100.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sinopec.com.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = sinopec.com.sg
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\System32\mbprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


#2 nekster

Posted 15 March 2006 - 08:42 PM

upz... please help to diagnose please.... appreciate it

#3 jwbirdsong

Posted 23 March 2006 - 09:53 PM

Sorry you have gone unhelped for so long. We are swamped and all volunteers. If you still need help, post a current HijackThis log.

PS: Is this a non-English system?



