Jump to content


Photo

hijacked by 888.com


  • Please log in to reply
3 replies to this topic

#1 Keyo

Keyo

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 30 July 2004 - 06:06 PM

help, i'm constantly getting popups even when i don't have ie open and my homepage is being taken over...
here's my hijackthis log, please help!!

Logfile of HijackThis v1.98.0
Scan saved at 9:40:55 PM, on 7/30/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\12Ghosts\12popup.exe
C:\Program Files\12Ghosts\12wash.exe
C:\Program Files\Aim95\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\lyonsj\Desktop\B.LIN\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Startup: 12Ghosts Wash.lnk = C:\Program Files\12Ghosts\12wash.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\Aim95\aim.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://gaea.courttv....ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://gaea.courttv....ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://gaea.courttv....stall/setup.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_EN.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://gaea.courttv..../RemoveCtrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_EN.cab


===
thanks in advance

Edited by Keyo, 30 July 2004 - 08:29 PM.


#2 Keyo

Keyo

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 30 July 2004 - 07:00 PM

anybody can help me with this? i'm getting consecutive pop ups...very annoying

Edited by Keyo, 30 July 2004 - 08:10 PM.


#3 Keyo

Keyo

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 30 July 2004 - 08:12 PM

bump

#4 Keyo

Keyo

    Member

  • Full Member
  • Pip
  • 12 posts

Posted 01 August 2004 - 03:41 PM

can any1 help me? please




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button