Spyware issue. - DFWstangs Forums
 
post #1 of 6 (permalink) Old 07-05-2006, 01:02 AM Thread Starter
Lifer
 
ThreeFingerPete's Avatar
 
Join Date: Sep 2002
Posts: 14,894
Spyware issue.

I've got some virus that is affecting my internet browser; every so often it will redirect a page like dfwstangs.net to http://www.superclick%%%52020..wdfws...teveryakyakyak.

Here is my HijackThis log; if you can help, it'd be much appreciated.


I've run Ad-Aware and Spybot Search & Destroy, and they can't find it.


Logfile of HijackThis v1.99.1
Scan saved at 1:56:35 AM, on 7/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\common files\aol\1145563080\ee\aolsoftware.exe
c:\program files\common files\aol\1145563080\ee\aim6.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\User\LOCALS~1\Temp\Rar$EX00.672\Hijack This.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe



Any help is greatly appreciated.
ThreeFingerPete is offline  
 
post #2 of 6 (permalink) Old 07-05-2006, 02:00 PM
Time Served
 
Join Date: Apr 2005
Location: Longview, TX
Posts: 554
Try removing the Yahoo toolbar, and any other toolbars that are installed. If that doesn't work, try Windows Defender and do a full virus scan.
Snake007 is offline  
post #3 of 6 (permalink) Old 07-06-2006, 02:24 AM Thread Starter
Lifer
 
ThreeFingerPete's Avatar
 
Join Date: Sep 2002
Posts: 14,894
No toolbars installed except those integral to Firefox. Both Firefox and IE do it.
ThreeFingerPete is offline  
 
post #4 of 6 (permalink) Old 07-06-2006, 06:28 AM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
Check your DNS servers, I've had spyware change mine before.

AbecX is offline  
post #5 of 6 (permalink) Old 07-06-2006, 08:23 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
You might also try http://www.trendmicro.com/en/home/us/home.htm , but do it in IE or w/ the FF extension.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
post #6 of 6 (permalink) Old 07-09-2006, 02:33 PM
Saint's heart sinner skin
 
hotrod66stang's Avatar
 
Join Date: Oct 2003
Posts: 2,113
What I've done before is to check out this site for all kinds of cool tools. This guy has actually written a lot of software that he then sells to the big companies. He does a basic write-up on HJT and what each category is for. You can use that and a page like ProcessLibrary.com to check each process that is running on your computer when you hit CTRL+ALT+DEL.

Homepage: http://www.merijn.org/
HJT explanation http://www.merijn.org/htlogtutorial.html
Also check your process list at www.Processlibrary.com

Good luck bro.
hotrod66stang is offline  
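
Added example, not part of any post in this thread: a small Python triage pass over HijackThis entries, tagging each with its section meaning and flagging the ones worth looking up by hand. The section meanings follow the HijackThis documentation; the heuristics, the function names and the choice of sample lines (copied from the log in post #1) are assumptions of this example, and a flag means "look it up", not "malicious".

```python
import re

# Section meanings per the HijackThis documentation (subset relevant to this log).
SECTIONS = {
    "O1": "hosts file redirection",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O17": "DNS / domain settings",
    "O23": "NT service",
}

# Heuristics are assumptions of this example: they mark entries to look up, not verdicts.
HEURISTICS = [
    ("missing file", re.compile(r"\(no file\)", re.I)),
    ("owner unknown", re.compile(r"- Unknown owner -", re.I)),
    ("unnamed entry", re.compile(r"\(no name\)", re.I)),
]

ENTRY = re.compile(r"^([ORFN]\d+)\s+-\s+(.+)$")

# Lines copied from the HijackThis log in post #1.
SAMPLE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

def triage(log_text):
    """Return (section, meaning, reasons, line) for each entry that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        reasons = [name for name, rx in HEURISTICS if rx.search(raw)]
        if reasons:
            code = m.group(1)
            findings.append((code, SECTIONS.get(code, "other"), reasons, raw.strip()))
    return findings

def sections_present(log_text):
    """Section codes that appear at all, e.g. to see whether O1/O17 entries exist."""
    return {m.group(1) for line in log_text.splitlines() if (m := ENTRY.match(line.strip()))}

if __name__ == "__main__":
    for code, meaning, reasons, line in triage(SAMPLE):
        print(f"[{code} {meaning}] {', '.join(reasons)}: {line}")
    print("O1/O17 sections present:", sections_present(SAMPLE) & {"O1", "O17"})
```

The O2 hit is Spybot's own SDHelper.dll, which shows why a flag is only a prompt to look the entry up.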