
Hi there,

I was going crazy over my IE because I'm unable to change the homepage of my IE regardless of many tries. I did some research about this problem and I might be suffering from hijack spyware. I did a HijackThis log. Please go through it to see if there's really spyware going on in my system. What's the problem here? Please reply with solutions.

Thanks,

Regards.

hijackthis.log


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:56:07 PM, on 27/11/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\FaithKanade\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.552200.com.cn/?Q1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O1 - Hosts: 67.221.174.30 tagged.com

O1 - Hosts: 204.9.178.11 typepad.com

O1 - Hosts: 74.113.152.32 istockphoto.com

O1 - Hosts: 208.94.0.38 yfrog.com

O1 - Hosts: 63.309.5.102 virustotal.com

O1 - Hosts: 123.125.50.22 126.com

O1 - Hosts: 74.208.73.101 qvc.com

O1 - Hosts: 174.36.28.11 SlideShare.com

O1 - Hosts: 213.238.60.190 xing.com

O1 - Hosts: 59.106.98.139 seesaa.net

O1 - Hosts: 184.72.253.170 hootsuite.com

O1 - Hosts: 211.151.146.16 soku.com

O1 - Hosts: 72.32.120.222 metacafe.com

O1 - Hosts: 9.105.6.98 bitdefender.com

O1 - Hosts: 204.11.109.133 tribalfusion.com

O1 - Hosts: 207.154.14.31tripadvisor.com

O1 - Hosts: 216.52.240.133 ustream.tv

O1 - Hosts: 174.36.244.132 linkwithin.com

O1 - Hosts: 121.67.203.61 scan.novirusthanks.org

O1 - Hosts: 209.172.34.139 imagevenue.com

O1 - Hosts: 91.206.232.220 booking.com

O1 - Hosts: 118.69.251.6 vnexpress.net

O1 - Hosts: 103.67.101.13 trendmicro.com

O1 - Hosts: 208.85.40.80 pandora.com

O1 - Hosts: 194.116.241.57 softonic.com

O1 - Hosts: 208.83.243.15 match.com

O1 - Hosts: 202.57.69.84 nwt.com

O1 - Hosts: 65.11.53.80 nttnavi.com

O1 - Hosts: 72.51.41.235 nrk.no

O1 - Hosts: 110.16.19.157 nozonedata.com

O1 - Hosts: 76.106.43.251 nachtagenten.com

O1 - Hosts: 195.82.124.124 musicmatch.com

O1 - Hosts: 70.52.56.163 moscowtimes.com

O1 - Hosts: 174.36.28.11 SlideShare.com

O1 - Hosts: 61.178.63.198 mgd.com

O1 - Hosts: 174.142.24.205 mediastorm.hu

O1 - Hosts: 38.113.207.59 media-servers.com

O1 - Hosts: 116.66.206.161 m5prod.com

O1 - Hosts: 74.175.65.66 lupa.com

O1 - Hosts: 207.200.66.53 liveintercom.com

O1 - Hosts: 71.96.135.20 keenspace.com

O1 - Hosts: 202.51.107.37 jetsoftware.com

O1 - Hosts: 60.251.54.208 jamba.com

O1 - Hosts: 222.161.3.133 ir.com

O1 - Hosts: 200.24.227.170 investopedia.com

O1 - Hosts: 202.149.24.216 choiceradio.com

O1 - Hosts: 91.206.232.220 booking.com

O1 - Hosts: 118.69.251.6 vnexpress.net

O1 - Hosts: 141.76.45.18 chip.com

O1 - Hosts: 128.006.192.15 redv.net

O1 - Hosts: 194.42.17.124 cgi.com

O1 - Hosts: 199.26.254.66 centcomm.com

O1 - Hosts: 202.149.24.216 digitallook.com

O1 - Hosts: 60.251.189.134 domainfactory.com

O1 - Hosts: 222.161.3.133 dvdfocomm.nu

O1 - Hosts: 157.95.56.15 e-kolay.com

O1 - Hosts: 85.249.23.115 eurosport.com

O1 - Hosts: 189.104.149.61 f1cd.com

O1 - Hosts: 125.162.92.234 free6.com

O1 - Hosts: 80.81.159.20 cdmworldsoftware.com

O1 - Hosts: 117.102.101.219 grafika.com

O1 - Hosts: 85.249.23.115 adware-delete.com

O1 - Hosts: 69.89.22.135 hbv.com

O1 - Hosts: 92.48.201.39 protectorsuite.com

O1 - Hosts: 128.31.1.16 howstuffworks.com

O1 - Hosts: 132.239.17.2 httpool.com

O1 - Hosts: 85.249.23.117 hyena.com

O1 - Hosts: 219.139.158.59 iinfo.com67.221.174.30 tagged.com

O1 - Hosts: 204.9.178.11 typepad.com

O1 - Hosts: 74.113.152.32 istockphoto.com

O1 - Hosts: 208.94.0.38 yfrog.com

O1 - Hosts: 63.309.5.102 virustotal.com

O1 - Hosts: 123.125.50.22 126.com

O1 - Hosts: 74.208.73.101 qvc.com

O1 - Hosts: 174.36.28.11 SlideShare.com

O1 - Hosts: 213.238.60.190 xing.com

O1 - Hosts: 59.106.98.139 seesaa.net

O1 - Hosts: 184.72.253.170 hootsuite.com

O1 - Hosts: 211.151.146.16 soku.com

O1 - Hosts: 72.32.120.222 metacafe.com

O1 - Hosts: 9.105.6.98 bitdefender.com

O1 - Hosts: 204.11.109.133 tribalfusion.com

O1 - Hosts: 207.154.14.31tripadvisor.com

O1 - Hosts: 216.52.240.133 ustream.tv

O1 - Hosts: 174.36.244.132 linkwithin.com

O1 - Hosts: 121.67.203.61 scan.novirusthanks.org

O1 - Hosts: 209.172.34.139 imagevenue.com

O1 - Hosts: 91.206.232.220 booking.com

O1 - Hosts: 118.69.251.6 vnexpress.net

O1 - Hosts: 103.67.101.13 trendmicro.com

O1 - Hosts: 208.85.40.80 pandora.com

O1 - Hosts: 194.116.241.57 softonic.com

O1 - Hosts: 208.83.243.15 match.com

O1 - Hosts: 202.57.69.84 nwt.com

O1 - Hosts: 65.11.53.80 nttnavi.com

O1 - Hosts: 72.51.41.235 nrk.no

O1 - Hosts: 110.16.19.157 nozonedata.com

O1 - Hosts: 76.106.43.251 nachtagenten.com

O1 - Hosts: 195.82.124.124 musicmatch.com

O1 - Hosts: 70.52.56.163 moscowtimes.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ClixSense.com - {70df8d13-bdd3-448e-944c-efde21b77161} - C:\Program Files\ClixSense.com\prxtbCli0.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O3 - Toolbar: ClixSense.com Toolbar - {70df8d13-bdd3-448e-944c-efde21b77161} - C:\Program Files\ClixSense.com\prxtbCli0.dll

O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Bluetooth.lnk = ?

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe

O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: Motorola Helper (MotoHelper.exe) - Motorola - C:\Program Files\Motorola\Moto Helper Service\MotoHelper.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--

End of file - 13272 bytes

The homepage of my IE 9 is now a CHINESE WEBSITE. =_=" How do I fix this?

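A helper for triaging a log like the one above, added here as an example and not part of the original post or of HijackThis itself. It reads HijackThis-formatted lines and flags three things a responder looks at first: R0/R1 start and search page values that do not point at a Microsoft host (the `552200.com.cn` entry), O1 hosts-file entries that pin public domains to fixed addresses (with a higher severity for the security-vendor domains in this log, since such overrides keep a machine from reaching scanner and AV update sites, and a note for entries whose address is not even a valid IP or whose IP and name have run together), and O23 services whose binary is missing. The trusted-domain list, the severity scheme and the sample lines (excerpted from the log above) are this example's own assumptions:

```python
import re
from ipaddress import ip_address

# Hosts that a stock IE start/search page is expected to point at (assumption:
# this list covers Microsoft's defaults; an organisation would add its intranet).
TRUSTED_PAGE_DOMAINS = ("microsoft.com", "msn.com", "live.com", "bing.com")

# Names that legitimately appear in a default Windows hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Security-vendor domains among the hosts entries in the log above; a hosts
# override of these keeps the machine from reaching AV and online-scanner sites.
SECURITY_VENDORS = ("virustotal.com", "trendmicro.com", "bitdefender.com",
                    "scan.novirusthanks.org")

R_LINE = re.compile(r"^R[01] - (HK\w+)\\(.+?),(.+?)\s*=\s*(.*)$")
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
O1_PREFIX = "O1 - Hosts: "

# Constructed sample: lines excerpted from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.552200.com.cn/?Q1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.221.174.30 tagged.com
O1 - Hosts: 63.309.5.102 virustotal.com
O1 - Hosts: 207.154.14.31tripadvisor.com
O1 - Hosts: 103.67.101.13 trendmicro.com
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""


def _under(host, domains):
    """True if host equals one of domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def _host_of(url):
    """Extract the host part of a URL; empty string if the value is not a URL."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", url, re.I)
    return m.group(1).lower() if m else ""


def _check_hosts_entry(rest):
    """Classify one O1 hosts entry; returns (severity, reason) or None."""
    parts = rest.split()
    if len(parts) != 2:
        # e.g. "207.154.14.31tripadvisor.com": IP and name run together
        return ("medium", "malformed hosts entry (expected '<ip> <name>')")
    ip_text, name = parts
    if name.lower() in LOCAL_NAMES:
        return None
    try:
        if ip_address(ip_text).is_loopback:
            return None
        reason = f"hosts file pins {name} to {ip_text}, bypassing DNS"
    except ValueError:
        # Octet out of range and similar: the entry cannot resolve at all.
        reason = f"hosts entry for {name} carries an invalid address {ip_text}"
    severity = "high" if _under(name, SECURITY_VENDORS) else "medium"
    return (severity, reason)


def triage_hijackthis(text):
    """Scan HijackThis-formatted lines; return (severity, line, reason) tuples."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if m:
            _hive, _key, value_name, url = m.groups()
            host = _host_of(url)
            # Blank values and about:blank are normal; anything else must be trusted.
            if url and url != "about:blank" and not _under(host, TRUSTED_PAGE_DOMAINS):
                findings.append(("high", line, f"{value_name} set to non-default host {host}"))
            continue
        if line.startswith(O1_PREFIX):
            result = _check_hosts_entry(line[len(O1_PREFIX):])
            if result:
                findings.append((result[0], line, result[1]))
            continue
        m = O23_LINE.match(line)
        if m and "(file missing)" in m.group(3):
            findings.append(("low", line, "service registered but its binary is missing"))
    return findings


def count_by_severity(findings):
    """Tally findings per severity so a long log can be summarised at a glance."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _line, _reason in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for severity, line, reason in triage_hijackthis(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
    print(count_by_severity(triage_hijackthis(SAMPLE_LOG)))
```

Run against the excerpt it reports the hijacked Start Page, the hosts pins for tagged.com and trendmicro.com, the virustotal.com entry with its impossible octet, the run-together tripadvisor line, and the GameGuard service with no binary, while the Microsoft defaults, `about:blank`, the blank Local Page and the `::1 localhost` mapping pass. A hosts-file edit alone does not explain a start page that returns after Malwarebytes deletes the value, so the O4 Run entries and O23 services in the full log are where a responder would look next.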

Hi,

This is the Malwarebytes log.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8251

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

27/11/2011 7:58:48 PM

mbam-log-2011-11-27 (19-58-48).txt

Scan type: Quick scan

Objects scanned: 172787

Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage.Gen) -> Bad: (http://www.552200.com.cn/?Q1) Good: (http://www.google.com) -> Delete on reboot.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

However, when I restart, the thing is still there as always. =_="

Thanks,

Regards.


Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
