Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

CLICK2BEGIN AND DOUBLECLICK PROBLEM


  • Please log in to reply
2 replies to this topic

#1 Gibbo73

Gibbo73

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 29 January 2006 - 10:08 AM

:wavey: HI, I'M NEW TO ALL THIS! A FRIEND OF MINE RECOMMENDED THIS AS THE BEST PLACE TO GET HELP.
WHEN I LOG ONTO THE INTERNET, I KEEP GETTING UNWANTED PAGES OPENING- THE 2 MOST COMMON ARE CLICK2BEGIN AND DOUBLECLICK. I HAVE RUN A HIJACKTHIS LOG WHICH IS ATTATCHED.
PLEASE COULD YOU REVIEW IT AND LET ME KNOW WHAT I NEED TO DO. THANKS A MILLION. B)

Logfile of HijackThis v1.99.1
Scan saved at 15:46:54, on 29/01/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NAVNT\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
C:\PROGRA~1\NAVNT\npssvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\TBPanel.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\NAVNT\navapw32.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony Handheld\USBSwt.exe
C:\PROGRA~1\NAVNT\alertsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mike\My Documents\my docs\1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nss8.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DailyToolbar - {8333C319-0669-4893-A418-F56D9249FCA6} - C:\WINDOWS\Downloaded Program Files\DailyToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [NPS Event Checker] C:\PROGRA~1\NAVNT\npscheck.exe
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Norton Internet Security Family Edition\IAMAPP.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: SonyPDA USB Switcher.lnk = C:\Program Files\Sony Handheld\USBSwt.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Program Files\NAVNT\navapw32.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer\Add_AllO.htm
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: IEToolbarCab - http://www.dailytool...ailyToolbar.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} (loader2 Class) - http://217.73.66.16/comload.dll
O16 - DPF: {A569049A-4E25-4E9C-9E77-325C7A147496} (Pixelfixx.IonLauncher) - http://www.pixelfixx...IONLauncher.CAB
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.premi...StarInstall.ocx
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\NAVNT\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\NAVNT\navapsvc.exe
O23 - Service: Norton Internet Security Family Edition Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security Family Edition\NISSERV.EXE
O23 - Service: NISUM - Symantec Corporation - C:\Program Files\Norton Internet Security Family Edition\NISUM.EXE
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\NAVNT\npssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    Advertisements

Register to Remove


#2 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 03 February 2006 - 10:03 AM

Click here for Instructions on how to Scan with Spybot S&D and Ad-Aware

Download System Security Suite v1.04 here
Tutorial here.

Reboot in safe mode. Close all Browser and Program Windows.
Have HijackThis fix the following. Do this by checking the box beside each and then clicking on Fix checked.
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nss8.dll
O3 - Toolbar: DailyToolbar - {8333C319-0669-4893-A418-F56D9249FCA6} - C:\WINDOWS\Downloaded Program Files\DailyToolbar.dll
O16 - DPF: IEToolbarCab - http://www.dailytool...ailyToolbar.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9E1089BC-1AE8-4685-8D77-6721E5C318A8} (loader2 Class) - http://217.73.66.16/comload.dll
O16 - DPF: {A569049A-4E25-4E9C-9E77-325C7A147496} (Pixelfixx.IonLauncher) - http://www.pixelfixx...IONLauncher.CAB
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://install.premi...StarInstall.ocx


Reboot then Run 3S under “Items To Clear” tab place a checkmark in all of them but user defined folders.

Go to IE > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed.
If you're running Windows XP, that of course includes the Service Pack 2!
Reboot and Rescan with HJT and post a new log here.
Also please describe how your computer behaves now.

#3 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 18 February 2006 - 06:29 AM

Because no reply was made. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Also follow the recommendations in Tony Klein's article
So how did I get infected in the first place?

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users