Jump to content

Virus Infestation probably cleaned, IE no longer works though ...


Recommended Posts

Hi, recently i was on a EFnet IRC server with mIRC (an old version of mIRC) the next day my computer was infected with many viruses, which took me a few days to get rid of them as they kept coming back. I now have them removed, and Spybot SD, AVG, SuperAntiSpyware, Malwarebytes, Microsoft Security Esentials. All come up negative.

and say im free of viruses and malware. However today, after noticing that my IE pages where randomly refreshing them selfs for some reason in the background, i wondered if i had a browser hijack. I ran SpyBot and removed 2 viruses.

And now when ever i run IE it will load my homepage, "Google" But if i load facebook, or any other website it quickly Crashes. When it crashes i sometimes see a URL its trying to laod. social.bidsystem.com/### googleads.g.doubleclick.net/### etc.

I cant figure out whats going on. i ran hijackthis and here are the results. I get no infection reports from any of my scanners.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:38:32, on 13/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\WINDOWS\CTHELPER.EXE

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Razer\Copperhead\razerhid.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files\Razer\Copperhead\razerofa.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

D:\program files\valve\steam\steam.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Trillian\trillian.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites

O1 - Hosts: 69.16.243.105 L2authd.lineage2.com

O1 - Hosts: 216.107.250.194 nprotect.lineage2.com

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.