This is a discussion on Browser hi-jacked/virus thing within The Tech Shed forums, part of the Members Area category.
| | #1 |
| Briskodian Join Date: Feb 2005 Location: Nottingham, East Midlands
Posts: 349
Thanks: 0
Thanked 0 Times in 0 Posts
| Browser hi-jacked/virus thing
I've done scans with various anti-virus and spyware programs but all are drawing a blank. I've got a HijackThis log file and posted it on a couple of forums but they all seem to be dead forums and no replies. What's happening is the computer is slow when on IE or Firefox and when searching on Google or alike, following a link will be diverted to another search engine and ultimately to adult sites. Below is the HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:22:34, on 24/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\wisptis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Advanced Spyware Remover\Asr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SVCHOSÒ.EXE] SVCHOSÒ.EXE $$
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [dmsqe.exe] C:\WINDOWS\system32\dmsqe.exe
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\ PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windo..._5.3.0.228.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://uk.midas.games.yahoo.net/ctl/kingcomie.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24486207...p/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1151921854718
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1201269815421
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://212.121.228.4/activex/AMC.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{59D6F691-C890-4094-B3AC-149F612DB046}: NameServer = 85.255.116.101,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{75945436-E91D-474D-9B29-7E9B29EE6125}: NameServer = 85.255.116.101,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B949E34-A026-4193-A9DA-04E4A88CDCAC}: NameServer = 85.255.116.101,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC7B3936-0B64-4329-908A-5D7E3EA28057}: NameServer = 85.255.116.101,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.184
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

If any of that means anything to anyone then please do help, it's driving me mad! cheers |
| | #2 |
| Go Gadget Octy! Join Date: Apr 2007
Posts: 3,282
Thanks: 199
Thanked 113 Times in 106 Posts
| Re: Browser hi-jacked/virus thing Only thing that stands out to me is AutoTBar.exe. What is this? Have you run Spybot and Ad-Aware? |
| | #3 | |
| rodeo monkey Join Date: Jan 2005 Location: blah, blah, f*****g blah!
Posts: 2,347
Thanks: 13
Thanked 39 Times in 38 Posts
| Re: Browser hi-jacked/virus thing AutoTBar.exe is an HP thing, so sounds legit(?). Just kinda guessing: is it possible that the local DNS settings have been changed? Can you still fluff things up by editing the hosts file?
__________________ Note: This statement was most likely made with a usual dry sense of humor. It was in no way made to offend anyone who may be easily offended. If you find yourself offended by such a statement, you needed more hugs as a child, or more beatings. Whichever you didn't get enough of, you need more of. Probably beatings. |
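The log in post #1 and the DNS question in post #3 are the kind of thing a small triage script can answer quickly. The script below is an added example (not code from either poster or from HijackThis): it runs over a constructed excerpt modelled on the log above and flags O4 Run entries whose name contains non-ASCII lookalike characters or whose command has no full path, and O17 NameServer entries whose resolvers are neither private nor on an assumed allowlist (192.168.1.1 stands in for the owner's router and is an assumption).

```python
import re
import ipaddress

# Constructed excerpt modelled on the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SVCHOSÒ.EXE] SVCHOSÒ.EXE $$
O4 - HKLM\..\Run: [dmsqe.exe] C:\WINDOWS\system32\dmsqe.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{59D6F691-C890-4094-B3AC-149F612DB046}: NameServer = 85.255.116.101,85.255.112.184
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.101 85.255.112.184
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Assumed allowlist: the resolvers the PC's owner actually expects (router placeholder).
EXPECTED_DNS = {"192.168.1.1"}

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.+)$")

def check_o4(name, cmd):
    """Return a reason if a Run entry deserves a second look, else None."""
    if not name.isascii():
        return "non-ASCII character in entry name (lookalike of a system binary name)"
    if not re.match(r"^[A-Za-z]:\\", cmd.strip().strip('"')):
        return "bare filename without a full path"
    return None

def check_o17(servers):
    """Return the listed resolvers that are neither expected nor on a private range."""
    bad = []
    for s in re.split(r"[,\s]+", servers.strip()):
        try:
            private = ipaddress.ip_address(s).is_private
        except ValueError:
            private = False  # not even a valid address: report it
        if s not in EXPECTED_DNS and not private:
            bad.append(s)
    return bad

def triage(log_text):
    """Return (section, entry, reason) tuples for every line that trips a check."""
    findings = []
    for line in log_text.splitlines():
        if (m := O4_RE.match(line)) and (reason := check_o4(m["name"], m["cmd"])):
            findings.append(("O4", m["name"], reason))
        elif (m := O17_RE.match(line)) and (bad := check_o17(m["servers"])):
            findings.append(("O17", m["key"], "unexpected resolvers: " + ", ".join(bad)))
    return findings
```

Flagged entries are leads to verify against the vendor's documentation, not verdicts: the AlcxMonitor line in the excerpt trips the path check only because it is registered by bare filename.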
| | #4 |
| Briskodian Join Date: Aug 2007 Location: Accrington
Posts: 19
Thanks: 0
Thanked 1 Time in 1 Post
| Re: Browser hi-jacked/virus thing Upgrade to AVG 8 also. |
| | #5 |
| Briskodian Join Date: Jun 2006
Posts: 448
Thanks: 68
Thanked 35 Times in 34 Posts
| Re: Browser hi-jacked/virus thing Do a search for this. Cured my brother's PC twice (Xnob). SmitfraudFix HTH
__________________ Black Magic Fabia v/RS Skoda Fabia VRS ! Practical & Exciting ! |
| | #6 |
| 2.0 FSI Sport. Join Date: May 2007 Location: oxon
Posts: 9,369
Thanks: 11
Thanked 286 Times in 260 Posts
| Re: Browser hi-jacked/virus thing Use a program called "Spybot Search and Destroy"; it will find any malware or spyware and delete it. |
| | #7 |
| Briskodian Join Date: Feb 2005 Location: Nottingham, East Midlands
Posts: 349
Thanks: 0
Thanked 0 Times in 0 Posts
| Re: Browser hi-jacked/virus thing Thanks everyone, in the end I used SmitfraudFix which has cleared it all up, marvellous |
| | #8 |
| Briskodian Join Date: Jun 2006
Posts: 448
Thanks: 68
Thanked 35 Times in 34 Posts
| Re: Browser hi-jacked/virus thing Glad you are all sorted. Keep away from those pesky Russian web sites.
__________________ Black Magic Fabia v/RS Skoda Fabia VRS ! Practical & Exciting ! |