Hi, bear with me please
Yesterday, I went looking for a WinRAR download and I used Google search... and went to a Google sponsored site.. I downloaded the software and extracted it and got something extra.. a trojan of course.
When I use Google search it redirects me to a page with a white background with black Chinese characters grouped at the left side of the screen. When I go to google.com, yahoo.com or myspace.com it redirects me to a fake Windows Security Center page saying I have been infected and need to download antispyware now. I'm still able to browse websites like fark.com or norton.com.
Also it had a pesky pop-up messenger window that read: intervalhehehe intervalhehehe intervalhehehe intervalhehehe!!!! When you click OK, it just keeps popping up after 30 or so seconds..
I have NIS 2009. I ran a full scan yesterday... nothing came up.... Today I ran a LiveUpdate and then ran a quick scan... it found two things.. one of which quickly disappeared... when it should have asked me to fix it.. because that's how I have it set up... the other was a trojan.. which I'm sure was the pesky pop-up window as it's no longer popping up... I'm sure it'll be back if I restart my laptop. However my browser is still hijacked.. the only thing that has been fixed is the pop-up window.
Thanks in advance
TrDo
December 4, 2008, 8:30pm
3
Hi Quads,
I told you... that you're a HijackThis! expert... and you did not admit it...
I'm curious to see what it is... that Norton did not pick up.... It usually is very good at blocking these....
TrDo.
Message Edited by TrDo on 12-04-2008 10:32 PM
Quads
December 4, 2008, 8:42pm
4
TrDo wrote: Hi Quads,
I told you... that you're a HijackThis! expert... and you did not admit it...
I'm curious to see what it is... that Norton did not pick up.... It usually is very good at blocking these....
TrDo.
Message Edited by TrDo on 12-04-2008 10:32 PM
Haha, nope. Cockiness can cause damage.
Quads
Quads
December 4, 2008, 8:48pm
5
Hi Michael-M
I have found it and MORE. I will list the entries shortly once I have looked through the rest of the list.
Quads
Quads
December 4, 2008, 9:12pm
6
Hi Michael-M
Run HijackThis and tick beside these entries only. You may have to reset your homepage etc. after.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/ *http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Program Files\Gold Codec\isaddon.dll (file missing)
O4 - Global Startup: Digital Line Detect.lnk = ? (Could be left over from a Trojan)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011MWUS (if you had MyWebSearch installed it is now broken; you will have to reinstall it.)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\andrew atherton\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
Once you have ticked the entries above, click "Fix Checked". It may ask to restart your PC.
Now download SuperAntiSpyware Free, update it and then run a full scan in Safe Mode.
For others reading: yes, there are that many hosts file entries. If you look carefully, some of the files look as though they have the same name but do not, like "www.asdfaoosdfd.com" and "www.asdfasssdfd.com".
Quads
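The hosts-file hijack Quads identified above (dozens of search, social and anti-spyware hostnames all pointed at one IP, plus a long tail of junk names that look alike but differ by a character) can be checked mechanically rather than by eye. The script below is an added example written for this thread, not code from the forum, from Quads or from HijackThis. It parses either raw hosts-file lines or HijackThis "O1 - Hosts:" lines, flags any hostname that resolves to a non-local address, treats a watch list of high-value domains (an assumption, assembled from the domains in the logs posted here) as a definite hijack, and counts how many hostnames each IP absorbs so a sinkhole address stands out. The sample input is constructed from the IPs and hostnames in the logs above, with a comment line and the normal localhost entry added for contrast.

```python
import ipaddress
from collections import Counter

# Constructed sample: a hosts-file fragment in the state the thread describes.
# The two IPs and the hostnames are the ones listed in the HijackThis logs in this
# thread; the comment and localhost lines are ordinary hosts-file content.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
61.157.217.210 www.yahoo.com
61.157.217.210 www.google.com
61.157.217.210 www.antispyware.com
61.157.217.210 antispyware.com
123.251.143.110 www.asdfasdfd.com
123.251.143.110 www.asdfasssdfd.com
123.251.143.110 www.asdfaoosdfd.com
"""

# Constructed sample: two of the same mappings as HijackThis reports them.
SAMPLE_HJT = [
    "O1 - Hosts: 61.157.217.210 www.google.co.uk",
    "O1 - Hosts: 123.251.143.110 www.gg.com",
]

# Assumed watch list: hostnames the malware in this thread redirects (search
# engines, social sites, anti-spyware vendors). A non-local mapping for any of
# these is a hijack, not a misconfiguration.
HIGH_VALUE = {
    "www.google.com", "www.google.co.uk", "www.yahoo.com", "www.yahoo.co.uk",
    "www.msn.com", "www.live.com", "www.myspace.com", "www.youtube.com",
    "www.facebook.com", "www.antispy.com", "antispy.com",
    "www.antispyware.com", "antispyware.com",
}

HJT_PREFIX = "O1 - Hosts:"


def parse_entries(line):
    """Return [(ip, hostname), ...] from one hosts-file or HijackThis O1 line.

    A hosts line may list several hostnames after one address; comments ('#')
    and blank lines yield nothing. Hostnames are lower-cased, nothing else is
    normalised, so look-alike names stay distinct entries.
    """
    text = line.split("#", 1)[0].strip()
    if text.startswith(HJT_PREFIX):
        text = text[len(HJT_PREFIX):].strip()
    parts = text.split()
    if len(parts) < 2:
        return []
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return []
    return [(ip, host.lower()) for host in parts[1:]]


def is_local(ip):
    """Loopback (127.x, ::1) and unspecified (0.0.0.0, ::) are the only benign targets."""
    return ip.is_loopback or ip.is_unspecified


def audit(lines):
    """Classify every mapping as 'hijacked', 'suspicious' or 'ok'."""
    report = {"hijacked": [], "suspicious": [], "ok": []}
    for line in lines:
        for ip, host in parse_entries(line):
            if is_local(ip):
                report["ok"].append((str(ip), host))
            elif host in HIGH_VALUE:
                report["hijacked"].append((str(ip), host))
            else:
                report["suspicious"].append((str(ip), host))
    return report


def sink_ips(report):
    """Count non-local hostnames per target IP; a sinkhole shows up with a large count."""
    return Counter(ip for key in ("hijacked", "suspicious") for ip, _ in report[key])


if __name__ == "__main__":
    # On a live Windows box the lines would come from
    # C:\Windows\System32\drivers\etc\hosts; here they are the constructed sample.
    result = audit(SAMPLE_HOSTS.splitlines() + SAMPLE_HJT)
    for key in ("hijacked", "suspicious", "ok"):
        for ip, host in result[key]:
            print(f"{key:10s} {ip:16s} {host}")
    for ip, count in sink_ips(result).most_common():
        print(f"{ip} absorbs {count} hostnames")
```

Anything reported as "hijacked" or "suspicious" is a line that does not belong in a default hosts file, which on Windows XP contains only the localhost entry; the per-IP count makes the pattern in this thread obvious, since one address absorbing a dozen search-engine and AV-vendor names is not something a user configures.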
Much Thanks to Quads… I will be sure to contact you again if I ever have any more problems…
avish
December 12, 2008, 3:25pm
8
Hi, I have the same problem. What to do? Help me!!!
This is what I got:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:41, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\explore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\NetVision\Ad-Aware\Ad-Watch.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\אבי\תוכנות\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: עוזר הכניסה של Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [explore] C:\WINDOWS\system32\explore.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\NetVision\Ad-Aware\Ad-Watch.exe"
O4 - Startup: Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229024817968
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.27 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14059 bytes
Hi Avish,
Run HijackThis and tick beside these entries only:
components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\explore.exe
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.google.com
O1 - Hosts: 61.157.217.210 www.google.co.uk
O1 - Hosts: 61.157.217.210 www.myspace.com
O1 - Hosts: 61.157.217.210 www.youtube.com
O1 - Hosts: 61.157.217.210 www.facebook.com
O1 - Hosts: 61.157.217.210 www.antispy.com
O1 - Hosts: 61.157.217.210 www.yahoo.com
O1 - Hosts: 61.157.217.210 www.yahoo.co.uk
O1 - Hosts: 61.157.217.210 www.antispyware.com
O1 - Hosts: 61.157.217.210 antispyware.com
O1 - Hosts: 61.157.217.210 antispy.com
O1 - Hosts: 61.157.217.210 www.msn.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.gg.com
O1 - Hosts: 123.251.143.110 www.ghfhj.com
O1 - Hosts: 123.251.143.110 www.cvnbcvnb.com
O1 - Hosts: 123.251.143.110 www.1.com
O1 - Hosts: 123.251.143.110 www.3.com
O1 - Hosts: 123.251.143.110 www.asdf4asdfd.com
O1 - Hosts: 123.251.143.110 www.asdfawsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfatsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfadsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfafsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfagsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasgdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdhfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfjd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfkd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfld.com
O1 - Hosts: 123.251.143.110 www.asdfasdf,d.com
O1 - Hosts: 123.251.143.110 www.asxdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdzfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdcfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfvasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfabsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasndfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdmfd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.11asdfasdfd.com
O1 - Hosts: 123.251.143.110 www.as222dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfa33sdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasd44fd.com
O1 - Hosts: 123.251.143.110 www.asdfasdfd5.com
O1 - Hosts: 123.251.143.110 www.as66dfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdf77asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf8asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf9asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf0asdfd.com
O1 - Hosts: 123.251.143.110 www.asdf-asdfd.com
O1 - Hosts: 123.251.143.110 www.aqqsdfasdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.16.197.121 www.asdhhfasdfdyy.com
O1 - Hosts: 61.157.217.210 www.live.com
O1 - Hosts: 123.251.143.110 www.asdwwwfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfeasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfrrasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfttasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfyyasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfuuuasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaiisdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaoosdfd.com
O1 - Hosts: 123.251.143.110 www.asdfappsdfd.com
O1 - Hosts: 123.251.143.110 www.asdfasssdfd.com
O1 - Hosts: 123.251.143.110 www.aswwdfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdeefasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfffasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfavvvsdfd.com
O1 - Hosts: 123.251.143.110 www.asnnndfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdmmmfasdfd.com
O1 - Hosts: 123.251.143.110 www.asdfaffsdfd.com
O1 - Hosts: 123.251.143.110 www.asdhhfasdfd.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [explore] C:\WINDOWS\system32\explore.exe
Once you have ticked the entries above, click "Fix Checked". It may ask to restart your PC.
You can also try SuperAntiSpyware as suggested by Quads in the previous post.
Quads: Check and let me know if there are any corrections/suggestions regarding this, as you are more experienced in handling the HijackThis tool.
I've got this irritating little thing too. Other forums suggest deleting explore.exe from the /Windows/System32 folder, but it won't delete. My HijackThis file is slightly different. Could you take a look? Too long for one message, so I'll send another with the second half.
edited - log being sent as pm
Message Edited by RedHeadPeter on 12-12-2008 07:47 PM
Quads
December 12, 2008, 7:18pm
11
Hi yogish and Avish
Now as for ticking these entries:
components\CV\bin\HostControlService.exe (only part of a line also)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\explore.exe
These are at the beginning, in the process list, which you can't tick. The Hijackthis.log shows running processes at the start of the list, but in the actual program itself the tickable boxes start at 'R0', 'R1' etc.
As it is, the first 2 entries above are a legit program from Broadcom; it's their updater service, and storage for their products like modems, and a lot of their modems are in laptops.
"AESTFltr.exe" is also a legit program, though probably not needed on startup, but this is not where you tick.
You are right about "C:\WINDOWS\system32\explore.exe" (BAD) and the hosts entries.
These are also for legit programs, probably not needed on startup though:
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
You can tick this one:
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
This is part of the reason I don't like full HijackThis logs posted and I ask to be PMed instead, in case someone states to get rid of (tick) something that shouldn't be.
Quads
Message Edited by Quads on 12-13-2008 07:31 AM
deleted
Message Edited by RedHeadPeter on 12-12-2008 07:46 PM
Quads
December 12, 2008, 7:28pm
13
Hi Peter
Could you please use the edit menu and delete your hijackthis.log Part 1 and 2? You can leave the message at the beginning of Part 1 though, especially as your messages are split with a separate message in the middle now.
You can personal message me the log instead: click my name, then you will see "send private message...".
Quads
Thanks for that. PM should be with you now.
Peter
Quads
December 12, 2008, 8:47pm
15
Hi Peter
I have it now. Another guy has this also. Might have to make a new thread. I am looking through.
Quads
Thanks Quads. Have now discovered that if I stop the explore.exe process I can delete that file, and the pop-ups have stopped. Just getting the web browser redirects now.
Peter
Yes, I've got the same thing going on. I managed to stop the pop-ups but the browsers are still 'jacked.
Quads
December 13, 2008, 3:32am
18
Moved to correct thread
Message Edited by RedHeadPeter on 12-13-2008 01:02 PM