Jump to content


Photo

Dodgy chinese site!!


  • Please log in to reply
3 replies to this topic

#1 Gibbsy

Gibbsy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 21 July 2004 - 04:24 AM

Hi

Got a problem where IE starts up every few mins and tries to goto some chinese site and tries to download the chinese character set.
Also notice www.UFO365.com too.
Cant modify my homepage either anymore i've installed S&D, As-aware, Spywareblaster and hijackthis and still stuck. here's my log from hi-jack.

Logfile of HijackThis v1.97.7
Scan saved at 10:14:11, on 21/07/04
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\RpcSs.exe
c:\winnt\system32\pstores.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe
C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe
C:\WINNT\System32\nddeagnt.exe
C:\Program Files\IBM\Client Access\CWBPROVD.EXE
C:\WINNT\Explorer.exe
C:\WINNT\System32\SysTray.Exe
C:\WINNT\System32\loadwc.exe
C:\Program Files\IBM\Client Access\cwbuitsk.exe
C:\Program Files\IBM\Client Access\CWBSVD.EXE
C:\WINNT\System32\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\mshta.exe
C:\Program Files\4D Browser Mouse\Scw64.exe
D:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\PROGRA~1\Plus!\MICROS~1\iexplore.exe
C:\WINNT\System32\ddhelp.exe
D:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe,C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe,C:\PROGRA~1\IBM\CLIENT~1\cwbprovd.exe,userinit,nddeagnt.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BrowserWebCheck] loadwc.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Taskbar] "C:\Program Files\IBM\Client Access\cwbuitsk.exe"
O4 - HKLM\..\Run: [Client Access API Daemon] "C:\Program Files\IBM\Client Access\cwbappcd.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - Global Startup: 4D Browser Mouse.lnk = C:\Program Files\4D Browser Mouse\Scw64.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Notes Minder.lnk = D:\Lotus\Notes\nminder.exe
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = D:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: Telex Fax 400 WorkStation Login.lnk = C:\Program Files\TelexFax400 WorkStation\WSSTART.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\PROGRA~1\Plus!\MICROS~1\Plugins\NPDocBox.dll
O13 - WWW. Prefix: http://
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {C56CE781-A6FC-4706-8B32-6EB4622155DF} (MediaConnect Control) - http://plugin.euro-i...ia.com/mpv0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = international-presence.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = international-presence.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = international-presence.com

Any help would be appreciated as it is stopping work on this machine.

#2 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 21 July 2004 - 01:36 PM

Hi there,

Please do this first;


Update HijackThis to version 1.98
run HijackThis
select config> misc tools and select "update online". then yes.
Run a scan and post a new Hijackthis log after you are done.


#3 Gibbsy

Gibbsy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 22 July 2004 - 03:00 AM

Thanx for replying but i decided to just build a new comp in the end as the other was old anyway.

#4 12g

12g

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,167 posts

Posted 22 July 2004 - 03:05 AM

You are very welcome :wave:

Protect your new system well!! If need be take advice from here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button