Thread: popups and perhaps browser hijacker

  1. #1
    Junior Member
    Join Date
    Feb 2006
    Location
    australia
    Posts
    28

    popups and perhaps browser hijacker

    hi folks
    thank you once again.

    alto

    Logfile of HijackThis v1.99.1
    Scan saved at 11:44:17 AM, on 4/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\Explorer.EXE
    F:\my download PROGS\HIJACK THIS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.spiderweb.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiderweb.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.spiderweb.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spiderweb
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\System32\ZiepodOneClicker.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp521full\winampa.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [C:\Program Files\FeedReader30\feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe
    O4 - HKCU\..\Run: [Ziepod Start-Up] C:\Program Files\Ziepod\Ziepod.exe /background
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
    O4 - Startup: Mp3tag Quick Pick.lnk.disabled
    O4 - Startup: Sensis Search.lnk.disabled
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    ===================

    i tried 5 of the online scanners
    E TRUST in IE 6 is the only one which worked for me.
    the only message/report at the end said -
    "Scan Results: Scan Completed. 74321 files scanned. No viruses found."


    PANDA ONLINE SCAN in IE 6
    scan now signed flickered and loaded for 4 hours, nothing seemed to be happening,
    so i closed the program.

    E TRUST in IE 6
    "signatures not loaded"
    Scan Results: Scan Completed. 74321 files scanned. No viruses found.

    BIT DEFENDER in IE 6
    seems to be doing something
    it's updating and the message says, of Antivirus engine "failed"
    the update failed, so closed program

    TREND MICRO ONLINE SCAN in firefox
    seems to be working
    did not do anything for 2 hours
    so closed program

    HOUSECALL FOR ALT BROWSERS in IE 6
    "scannez maintenance"
    seems to be continually loading,
    for over an hour.
    Alto uses: Firefox; IE; AVG free; Spybot; SpywareBlaster; Ad-aware; Hijack This; Disk Defragmenter;
    Windows XP 2

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi altoyes,

    nothing really stands out as being malware.

    anything unusual asking for an outbound connection in ZA?

    might try running your av/spybot in safe mode. to reach safe mode you would tap the f8 key during a computer restart, choose the first option, safe mode.

    you're behind a service pack for XP, i would visit windoze updates.

    shelf life
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Feb 2006
    Location
    australia
    Posts
    28

    computer freezing each half hour tonight

    hi shelf life

    thank you for the reply.

    may i ask, i am not understanding what you mean by:

    you're behind a service pack for XP,

    i would visit windoze updates.

    tonight while working, my computer froze up 4 times so far, so i am posting another hijack this just to make sure.
    ======================

    Logfile of HijackThis v1.99.1
    Scan saved at 3:10:55 AM, on 10/07/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\sistray.EXE
    C:\WINDOWS\System32\khooker.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Winamp521full\winampa.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\MailWasher\MailWasher.exe
    C:\PROGRA~1\MOZILL~1\firefox.exe
    C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\NetVisualize\NetVisualize.exe
    C:\WINDOWS\System32\cidaemon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HIJACK THIS\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.spiderweb.com.au
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiderweb.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.spiderweb.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Spiderweb
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Ziepod One-Click IE Helper - {57A30D1E-08B9-4EF4-B273-AAEA1C234A5B} - C:\WINDOWS\System32\ZiepodOneClicker.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
    O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
    O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp521full\winampa.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [C:\Program Files\FeedReader30\feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
    O4 - Startup: Mp3tag Quick Pick.lnk.disabled
    O4 - Startup: Sensis Search.lnk.disabled
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
    O8 - Extra context menu item: Download all by NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
    O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
    O8 - Extra context menu item: Download by NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
    O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com...n/preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{90E8F793-C929-4389-83E2-6E15E4426DF5}: NameServer = 203.8.183.1 192.189.54.33
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066


    hi altoyes,

    that log looks ok.

    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    see that XP SP1. Should be XP SP2

    service packs, patches and updates are put out by MS to patch vulnerabilities in the operating system (windows) that could be exploited.
    you can turn on auto updates or go directly to windows updates. the download will be a massive one.

    http://update.microsoft.com/windowsu....aspx?ln=en-us
    ----------------------------------------------------------
    you might want to try downloading and running ewido:

    http://www.ewido.net/en/
    or
    a squared:
    http://www.emsisoft.com/en/software/free/
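    One way to mechanise the way shelf life reads these logs, as an added example that is not code from this thread, from HijackThis or from Team Spybot: a small Python parser that splits a HijackThis v1.99.1 log into its header, running-process list and R/O entries, then flags the three points raised above (a Windows XP platform line below SP2, entries whose target is reported as "(file missing)", and O17 NameServer entries that should be checked against the ISP's DNS servers). The sample log is a constructed excerpt adapted from the log in #3; the `EXPECTED_SP` table and the function names `parse_log` and `review` are assumptions for this example.

```python
import re

# Constructed excerpt in the HijackThis v1.99.1 log format, adapted from the
# log posted in #3 of this thread (a handful of lines, not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 3:10:55 AM, on 10/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.spiderweb.com.au/
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{90E8F793-C929-4389-83E2-6E15E4426DF5}: NameServer = 203.8.183.1 192.189.54.33
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Assumption: the service pack level the helper in #4 expects for XP at the
# time of the thread. Extend the table for other platforms as needed.
EXPECTED_SP = {"Windows XP": 2}

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
PLATFORM_RE = re.compile(r"^(Windows [A-Za-z0-9]+) SP(\d+)")
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


def parse_log(text):
    """Split a HijackThis log into header fields, running processes and R/O entries."""
    header, processes, entries = {}, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
        elif line.startswith(("Platform:", "MSIE:")):
            key, _, value = line.partition(":")
            header[key] = value.strip()
    return {"header": header, "processes": processes, "entries": entries}


def review(log, expected_sp=EXPECTED_SP):
    """Flag the points raised in this thread: patch level, dangling entries, DNS servers."""
    findings = []
    m = PLATFORM_RE.match(log["header"].get("Platform", ""))
    if m:
        os_name, sp = m.group(1), int(m.group(2))
        want = expected_sp.get(os_name)
        if want is not None and sp < want:
            findings.append({"kind": "service_pack",
                             "detail": f"{os_name} SP{sp} is behind SP{want}; install it via Windows Update"})
    for entry in log["entries"]:
        # Entries whose target no longer exists are leftovers from uninstalled
        # software; cleaning them up keeps the log readable on the next scan.
        if entry["body"].endswith("(file missing)"):
            findings.append({"kind": "file_missing", "section": entry["section"],
                             "detail": entry["body"]})
        # O17 lists the DNS servers in use; confirm they are the ISP's.
        if entry["section"] == "O17":
            ns = NAMESERVER_RE.search(entry["body"])
            if ns:
                findings.append({"kind": "nameserver", "servers": ns.group(1).split(),
                                 "detail": "confirm these DNS servers belong to your ISP"})
    return findings


if __name__ == "__main__":
    for finding in review(parse_log(SAMPLE_LOG)):
        print(finding["kind"], "-", finding.get("section", ""), finding["detail"])
```

    Run it against the excerpt and it reports one service-pack finding, two "(file missing)" entries (the BitDefender uninstall button and the WinPcap rpcapd service) and the O17 nameserver pair for manual confirmation; a log with `Platform: Windows XP SP2` and no dangling entries produces no findings, which matches shelf life's "that log looks ok" apart from the patch level.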

  5. #5
    Member of Team Spybot (tashi)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961


    This topic is closed.

    If you need it re-opened please send me a pm and provide a link to the thread.
    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
