Web Browser Hijacked

Question

kimma63 0 Newbie Poster

16 Years Ago

Hi!

I am having major probs with my computer running really badly. It is constantly running using 100% CPU, I have removed Trojans the last two day, and my Web Brower has been Hijacked.
I have run Hijack this, and below is the log,
Can anyone help me,,, Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:42:06 AM, on 19/08/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\aa.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\G_Server.exe
C:\Program Files\Internet Explorer\IeXploRe.ExE
C:\WINNT\system32\aa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\essspk.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iiNet\iConnect\launcher.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iCBB_11_14 R09-27 IINET B01 Monitor Temporary Items\monSvr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.net.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4318.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nb4f.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.4318.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.4318.com
O1 - Hosts: 125.91.1.20 www.37021.net
O1 - Hosts: 125.91.1.20 37021.net
O1 - Hosts: 125.91.1.20 5235.net
O1 - Hosts: 125.91.1.20 www.5235.net
O1 - Hosts: 125.91.1.20 www.7255.com
O1 - Hosts: 125.91.1.20 www.2345.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 www.haol23.net
O1 - Hosts: 125.91.1.20 www.kzdh.com
O1 - Hosts: 125.91.1.20 www.qu123.com
O1 - Hosts: 125.91.1.20 www.8749.com
O1 - Hosts: 125.91.1.20 8749.com
O1 - Hosts: 125.91.1.20 www.4199.com
O1 - Hosts: 125.91.1.20 4199.com
O1 - Hosts: 125.91.1.20 www.3448.com
O1 - Hosts: 125.91.1.20 3448.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Navcot Class - {116AE73A-7D10-4EC2-A46D-52CA50D5197F} - C:\WINNT\system32\inet.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] "C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Centre.lnk = C:\Program Files\iiNet\iConnect\launcher.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www4.snapfish.com.au/SnapfishActivia.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1FC8C94-4790-4FA1-B0C6-DD492D5779C6}: NameServer = 203.8.183.1 192.189.54.33
O23 - Service: COM+ Event System (COM+ Event System) - Unknown owner - C:\WINNT\system32\smssc.ini
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Logical_Disk (netservice) - Unknown owner - C:\Documents and Settings\All Users\Favorites\netservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Porformance services (Perrormance Logs) - Unknown owner - C:\WINNT\system32\aa.exe
O23 - Service: Security Accounts Managers (Security) - Unknown owner - C:\WINNT\system\smtpx.exe
O23 - Service: GrayPigeon2007 (ServerGrayPigeon2007) - Unknown owner - C:\WINNT\G_Server2007.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ·þÎñÃû (svcname) - Unknown owner - C:\WINNT\system32\aa.exe
O23 - Service: Thunde.exe - Unknown owner - C:\WINNT\system32\Thunde.exe
O23 - Service: Windows Accounits Manaiger (Windows Accounits ) - Unknown owner - C:\WINNT\svchost

3 Contributors
2 Replies
237 Views
1 Week Discussion Span
Latest Post 16 Years Ago Latest Post by doonz

All 2 Replies

caboramer 0 Newbie Poster

16 Years Ago

This tool removes Desktop Hijack malware: AdwarePunisher, AdwareSheriff, AlphaCleaner, Antispyware Soldier, AntiVermeans, AntiVermins, AntiVerminser, AntivirusGolden, AVGold, BraveSentry, MalwareWipe, MalwareWiped, MalwaresWipeds, MalwareWipePro, MalwareWiper, PestCapture, PestTrap, PSGuard, quicknavigate.com, Registry Cleaner, Security iGuard, Smitfraud, SpyAxe, SpyCrush, SpyDown, SpyFalcon, SpyGuard, SpyHeal, SpyHeals, SpyLocked, SpyMarshal, SpySheriff, SpySoldier, Spyware Vanisher, Spyware Soft Stop, SpywareLocked, SpywareQuake, SpywareKnight, SpywareSheriff, SpywareStrike, Startsearches.net, TitanShield Antispyware, Trust Cleaner, UpdateSearches.com, Virtual Maid, VirusBlast, VirusBurst, Win32.puper, WinHound, Brain Codec, DirectVideo, EliteCodec, eMedia Codec, FreeVideo, Gold Codec, HQ Codec, iCodecPack, iMediaCodec, Image ActiveX Object, IntCodec, iVideoCodec, JPEG Encoder, Key Generator, Media-Codec, MediaCodec, MMediaCodec, MovieCommander, MPCODEC, My Pass Generator, PCODEC, Perfect Codec, PowerCodec, PornPass Manager, PornMag Pass, PrivateVideo, QualityCodec, Silver Codec, SiteEntry, SiteTicket, SoftCodec, strCodec, Super Codec, TrueCodec, VideoAccess, VideoBox, VidCodecs, Video Access ActiveX Object, Video ActiveX Object, VideoCompressionCodec, VideoKeyCodec, VideosCodec, WinAntiSpyPro, WinMediaCodec, X Password Generator, X Password Manager, ZipCodec...

joedanger is NOT involved with Smitfraudfix in any way!

This tool was created by S!Ri, and is available for FREE.
Voluntary donations will be accepted by S!Ri, at his main website only.
Anyone, other than the creator, trying to make a profit
or solicit money from its use would be involved in fraudulent activity.

Download:
Use this URL to download the latest version (the file contains both English and French versions):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Mirrors: Alternate official download locations for Smitfraudfix.exe
http://siri.geekstogo.com/SmitfraudFix.exe
http://downloads.securitycadets.com/SmitfraudFix.exe
Zebulon.fr

Use:
• Search:
o Double-click SmitfraudFix.exe
o Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

doonz 0 Newbie Poster · Answer 1 · 2007-08-29T07:39:46+00:00

you are HAMMERED with spyware.... I see you have spybot .... what does spybot say...??? go into the advance mode and check your host file...go to antivirus .com run the free scan...read the toutorial on hijack this.... there is alot you can remove...good luck

Web Browser Hijacked

Recommended Answers Collapse Answers

All 2 Replies

Recommended Answers