I recently was lucky enough to stumble upon an infected website and I acquired all kinds of new goodies that succeeded in bombarding me with popups, a general slowdown, and 'program not responding' messages. I also keep getting 'Connect or Work offline' messages in mid-internet romp. I guess I should mention those window hijackings as well. I've run both Spybot S&D and Ad-Aware SE and both claim I am clean. Although the first time I ran them, they said three somethings would need to be removed in startup, and when that process was completed it said only one something was found. So two 'somethings' have escaped and are running rampant in my tubes and wires. Sorry if all that was confusing. I followed the 'prior to posting rules' to the best of my abilities and would appreciate any help. Any help definitely deserves some :heart: :heart: :heart:
Here is my HJT file thing:
Logfile of HijackThis v1.99.1
Scan saved at 1:44:50 AM, on 10/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\octeltpop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {A4676816-868E-8079-8FD8-D828905763BA} - C:\WINDOWS\System32\capzm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: OIN Search - {B9F6E8EB-A4E3-478E-88A4-D3995B5C45C8} - C:\Program Files\OIN Search\OINSearch.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [1pop06apelt3] C:\WINDOWS\octeltpop.exe
O4 - HKLM\..\Run: [{F4-49-9D-D7-ZN}] c:\windows\system32\ondsregm.exe ELT001
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Sxyrgft] C:\Program Files\s?stem\?ervices.exe
O4 - HKCU\..\Run: [kifi] C:\Program Files\InetGet2\stub_109_4_0_4_0.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4836/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B94CEA5C-429A-4F01-8914-D6D9FBC29FBD}: NameServer = 68.238.64.12,68.238.128.12
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
And here is my Panda Online Scan results:
Incident Status Location
Adware:adware/superspider Not disinfected c:\windows\system32\a.exe
Spyware:spyware/media-motor Not disinfected c:\windows\unstall.exe
Adware:adware/mirar Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\kim\Cookies\kim@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\kim\Cookies\kim@server.iad.liveperson[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\kim\Cookies\kim@www.myaffiliateprogram[2].txt
Adware:Adware/Sqwire Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\b103.exe[stub_109_4_0_4_0.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\b103.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\b104.exe[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\b104.exe[²ÜÇ\nsRandom.dll]
Adware:Adware/EliteBar Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\b111.exe
Virus:Trj/Banker.CZI Disinfected C:\Documents and Settings\kim\Local Settings\Temp\bl4ck.com
Possible Virus. Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\metasploit.exe
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\mit10.tmp
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\mit10.tmp.cab
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\kim\Local Settings\Temp\nsoB.tmp\nsRandom.dll
Potentially unwanted tool:Application/FamilyKeylogger Not disinfected C:\Documents and Settings\kim\My Documents\New Folder (3)\keylogger-download.zip[HomeKeyLogger-setup.exe][KeyLogger.exe]
Potentially unwanted tool:Application/Keylogger-Pro Not disinfected C:\Documents and Settings\kim\My Documents\New Folder (3)\keylogger-download.zip[HomeKeyLogger-setup.exe][KeyLogger.Dll]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\kim\My Documents\New Folder (3)\??crosoft.NET\wucrtupd.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3C6F49D7-07D9-1033-0825-051228050001}\Uninst.exe
Adware:Adware/WebHancer Not disinfected C:\Program Files\em\dohancer\whCC-GIANT3.exe[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\Program Files\em\dohancer\whCC-GIANT3.exe[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\Program Files\em\dohancer\whCC-GIANT3.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Program Files\em\dohancer\whCC-GIANT3.exe[whiehlpr.dll]
Possible Virus. Renamed C:\Program Files\s?stem\?ervices.exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\ac3_0002.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\hancerdoem.exe[whCC-GIANT3.exe][whiehlpr.dll]
Adware:Adware/CommAd Not disinfected C:\WINDOWS\IEtpbQ\KHQDvk.vbs
Possible Virus. Not disinfected C:\WINDOWS\metasploit.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\MirarSetup_876057.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[Sos28.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Setup90.exe[TagASaurus.exe]
Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\TIELT001.exe
Thanks in advance fellas.