BullGuard Antivirus Forum
Fake Google homepage, says computer attacked
   

jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-8-2008 5:31 (GMT +1)
Hello, I'm asking for help. I am having a problem with IE and Firefox: when I enter anything other than a complete website address, I am redirected to a fake Google site that reads "alert your computer have been attacked by viruses!" I am redirected to this site on searches, and I do receive a redirect to abc.com and some porn, but that does not always occur. I have tried to locate the malware with no luck; scans showed nothing. I am running Vista on a Sony laptop and am using AVG security, free version. This is my HJT report:

File Attachment: hijackthis.log (13KB)

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 10-8-2008 6:46 (GMT +1)
Hello :)

Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html

Choose one of the servers at Majorgeeks and save the file on your desktop.


  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Reboot.
 
 
and save it on the desktop. Then double-click on it (Fix_download.exe).
You may have to allow the program to download files from the web!

The program downloads the necessary cleaning programs. Once the program is downloaded, there will be a folder on your desktop named Fix. If the instructions do not open automatically, double-click "FIX_manual.htm" in the Fix folder.

Please follow the instructions and copy the logs here, in this topic.

Note: Fix_download.exe is detected by some antivirus programs as a "RiskTool"/infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

If necessary, temporarily disable your anti-virus, real-time protection before downloading.

Please don't attach the logs.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-8-2008 8:32 (GMT +1)
Thank you for your time. When I click "Restore MS Hosts File" I am getting an error: cannot create file c:\windows\system42\DRIVERS\ETC\hosts. Please advise next step. Thank you.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 10-9-2008 5:18 (GMT +1)
We'll deal with it later, continue with -> Download this program etc.



jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-9-2008 2:37 (GMT +1)
I was able to get the program to download to the Firefox download box, but it will not let me open it, even in safe mode. The virus protector noticed it as a possible threat but I pushed ignore. Please advise next step. Thanks.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 10-9-2008 7:28 (GMT +1)
Ok.
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
Copy and Paste that log into your next reply.
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-9-2008 10:22 (GMT +1)
Thanks again, here is the log. Says no problems :-(

Database version: 1134
Windows 6.0.6001 Service Pack 1

10/9/2008 5:20:08 PM
mbam-log-2008-10-09 (17-20-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 224868
Time elapsed: 1 hour(s), 50 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 10-10-2008 4:29 (GMT +1)
Download: CCleaner
http://www.majorgeeks.com/download4191.html

http://www.ccleaner.com/

Once installed, run CCleaner and click the Windows tab.

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

 
Then click Run Cleaner (bottom right) then Exit.  
(reboot)
 
Please download Combofix:
 
 
And save to the desktop.

Close all other browser windows.
 
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".
 
 
Go to Start->Run and copy/paste: ComboFix /snapshot and hit OK. It should run Combofix.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply
 



jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-10-2008 4:41 (GMT +1)
thanks again for the help.

Gulshan
New Member
Date Joined Oct 2008
Total Posts : 1
Posted 10-25-2008 2:39 (GMT +1)
Thanks a lot, Touch. Even I had the same issue as Jelly. Whenever I tried to open Google, YouTube, Orkut, or Yahoo, I used to get this weird page which displayed "Alert : You computer has been attacked by spyware or Virus!!". But I was able to open other websites like Rediff. This happens in all the browsers: Firefox, Internet Explorer and Chrome.

I followed your steps:
Download HostsXpert: http://www.majorgeeks.com/Hoster_d4626.html

Choose one of the servers at Majorgeeks....save the file on your desktop


* Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
* Run HostsXpert 4.2 - Hosts File Manager from its new home
* Click on "File Handling".
* Click on "Restore MS Hosts File".
* Click OK on the Confirmation box.
* Click on "Make Read Only?"
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



Reboot.

And that's it, everything was back to normal. Your help is very much appreciated
:-) :-)
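
Editor's added example, not part of the original thread: the "Restore MS Hosts File" step works because this kind of redirect lives in the hosts file, so the same condition can be checked for directly. The sketch below parses hosts-file text or HijackThis `O1 - Hosts:` lines and flags public IP addresses that several unrelated hostnames have been pointed at; the function names, the `min_hosts` threshold and all sample data (using the documentation address 203.0.113.7) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. 203.0.113.7 is a documentation address (TEST-NET-3)
# standing in for the redirect server; it is not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example     # blocklist-style sink entry
192.168.1.20    nas.home.example        # custom LAN entry
203.0.113.7     www.google.com
203.0.113.7     www.yahoo.com www.youtube.com
203.0.113.7     www.bank.example
not-an-ip       broken.example
"""

# Constructed lines in the format HijackThis uses for hosts-file entries.
SAMPLE_HJT = """\
O1 - Hosts: 203.0.113.7 www.google.com
O1 - Hosts: 203.0.113.7 www.msn.com
O4 - HKLM\\..\\Run: [Example] C:\\Example\\example.exe
"""

HJT_PREFIX = "O1 - Hosts:"

# Ranges a home user may legitimately map in a hosts file (RFC 1918,
# link-local, IPv6 ULA). ip.is_private is avoided on purpose: it also
# returns True for documentation ranges such as 203.0.113.0/24.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_entries(text):
    """Yield (ip, hostname) pairs from hosts-file text or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(HJT_PREFIX):
            line = line[len(HJT_PREFIX):]
        fields = line.split("#", 1)[0].split()  # drop any trailing comment
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, or a non-hosts HijackThis entry
        for host in fields[1:]:
            yield ip, host.lower().rstrip(".")


def audit_hosts(text, min_hosts=3):
    """Group hostnames by target IP and grade each non-sink target."""
    by_ip = defaultdict(set)
    for ip, host in parse_entries(text):
        # Loopback and 0.0.0.0 targets are defaults or ad-blocking sinks.
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[ip].add(host)
    findings = []
    for ip, hosts in sorted(by_ip.items(), key=lambda kv: str(kv[0])):
        if any(ip in net for net in LAN_NETS):
            level = "review"       # probably a custom LAN entry
        elif len(hosts) >= min_hosts:
            level = "hijack"       # many sites forced to one public server
        else:
            level = "suspicious"   # public IP override, few hostnames
        findings.append({"ip": str(ip), "level": level, "hosts": sorted(hosts)})
    return findings


def clean_hosts(text, findings):
    """Return the hosts text without lines that target a flagged public IP."""
    bad = {f["ip"] for f in findings if f["level"] != "review"}
    kept = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        try:
            if fields and str(ipaddress.ip_address(fields[0])) in bad:
                continue
        except ValueError:
            pass  # keep comments and lines this tool cannot interpret
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding["level"], finding["ip"], ", ".join(finding["hosts"]))
```

Custom LAN entries are reported as "review" and left in place by `clean_hosts`, matching the note in the steps above that custom hosts entries have to be restored by hand.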

jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-27-2008 3:22 (GMT +1)
Still not fixed. I guess I should reformat.

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 14325
Posted 10-27-2008 7:20 (GMT +1)
Let's see a fresh HijackThis log.

Please don't attach it, just copy and paste.



jelly
New Member
Date Joined Oct 2008
Total Posts : 10
Posted 10-27-2008 3:40 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:01 AM, on 10/27/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.microsoft.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 - Hosts: 125.67.67.197 www.mapquest.com
O1 - Hosts: 125.67.67.197 www.youporn.com
O1 - Hosts: 125.67.67.197 www.fastclick.com
O1 - Hosts: 125.67.67.197 www.pornhub.com
O1 - Hosts: 125.67.67.197 www.rapidshare.com
O1 - Hosts: 125.67.67.197 www.pogo.com
O1 - Hosts: 125.67.67.197 www.doubleclick.com
O1 - Hosts: 125.67.67.197 www.att.com
O1 - Hosts: 125.67.67.197 www.adobe.com
O1 - Hosts: 125.67.67.197 www.vnn.com
O1 - Hosts: 125.67.67.197 www.sportsline.com
O1 - Hosts: 125.67.67.197 www.netflix.com
O1 - Hosts: 125.67.67.197 www.dell.com
O1 - Hosts: 125.67.67.197 www.google.co.uk
O1 - Hosts: 125.67.67.197 www.bbc.co.uk
O1 - Hosts: 125.67.67.197 www.ebay.co.uk
O1 - Hosts: 125.67.67.197 www.bebo.com
O1 - Hosts: 125.67.67.197 www.amazon.co.uk
O1 - Hosts: 125.67.67.197 www.sky.com
O1 - Hosts: 125.67.67.197 www.virginmedia.com
O1 - Hosts: 125.67.67.197 www.aol.co.uk
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [VAIOMyMemCenter] "C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3923191751-3987828185-2951070522-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'jonathan')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14325
 
   Posted 10-28-2008 8:31 (GMT +1)
Right-click on HijackThis - run as admin.
 
Run a scan with HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.microsoft.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 - Hosts: 125.67.67.197 www.mapquest.com
O1 - Hosts: 125.67.67.197 www.youporn.com
O1 - Hosts: 125.67.67.197 www.fastclick.com
O1 - Hosts: 125.67.67.197 www.pornhub.com
O1 - Hosts: 125.67.67.197 www.rapidshare.com
O1 - Hosts: 125.67.67.197 www.pogo.com
O1 - Hosts: 125.67.67.197 www.doubleclick.com
O1 - Hosts: 125.67.67.197 www.att.com
O1 - Hosts: 125.67.67.197 www.adobe.com
O1 - Hosts: 125.67.67.197 www.vnn.com
O1 - Hosts: 125.67.67.197 www.sportsline.com
O1 - Hosts: 125.67.67.197 www.netflix.com
O1 - Hosts: 125.67.67.197 www.dell.com
O1 - Hosts: 125.67.67.197 www.google.co.uk
O1 - Hosts: 125.67.67.197 www.bbc.co.uk
O1 - Hosts: 125.67.67.197 www.ebay.co.uk
O1 - Hosts: 125.67.67.197 www.bebo.com
O1 - Hosts: 125.67.67.197 www.amazon.co.uk
O1 - Hosts: 125.67.67.197 www.sky.com
O1 - Hosts: 125.67.67.197 www.virginmedia.com
O1 - Hosts: 125.67.67.197 www.aol.co.uk
O1 - Hosts: 125.67.67.197 www.hsbc.co.uk
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
 
 
 
Reboot, post new hijackthis log


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.
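
The check behind the fix list above, as an added example that is not part of the original posts and is not HijackThis's own code: this Python parses the `O1 - Hosts:` lines of a pasted log, rejoins an entry whose hostname wrapped onto the next line, and flags any non-loopback address that answers for several unrelated names. The function names and the `min_hosts` threshold are assumptions, and the localhost lines in the sample are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# 125.67.67.197 lines are taken from the thread; the localhost lines are constructed.
SAMPLE_LOG = """
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.microsoft.com
O1 - Hosts: 125.67.67.197
www.hsbc.co.uk
O20 - AppInit_DLLs: avgrsstx.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s*(\S+)(?:\s+(\S+))?\s*$")
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # start of any HijackThis entry (R0, O1, O20, ...)


def parse_o1_entries(log_text):
    """Return (ip, hostname) pairs from O1 lines, rejoining wrapped entries."""
    entries, pending_ip = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if pending_ip is not None:
            ip, pending_ip = pending_ip, None
            # The previous O1 line had no hostname: a bare token here is its wrapped half.
            if line and " " not in line and not ENTRY_RE.match(line):
                entries.append((ip, line.lower()))
                continue
        m = O1_RE.match(line)
        if m and m.group(2):
            entries.append((m.group(1), m.group(2).lower()))
        elif m:
            pending_ip = m.group(1)
    return entries


def suspicious_redirects(entries, min_hosts=3):
    """Return {ip: hostnames} for non-loopback addresses claiming min_hosts or more names."""
    by_ip = defaultdict(set)
    for ip, host in entries:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed address field
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost mappings and 0.0.0.0-style blocklist entries
        by_ip[ip].add(host)
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(parse_o1_entries(SAMPLE_LOG)).items():
        print(f"{ip} answers for {len(hosts)} unrelated names: {', '.join(hosts)}")
```

Running the same check on the log posted after the reboot shows whether the entries were written back to the hosts file.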


jelly
New Member


Date Joined Oct 2008
Total Posts : 10
 
   Posted 10-28-2008 3:33 (GMT +1)
here goes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:13 AM, on 10/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 125.67.67.197 www.yahoo.com
O1 - Hosts: 125.67.67.197 www.google.com
O1 - Hosts: 125.67.67.197 www.myspace.com
O1 - Hosts: 125.67.67.197 www.youtube.com
O1 - Hosts: 125.67.67.197 www.facebook.com
O1 - Hosts: 125.67.67.197 www.live.com
O1 - Hosts: 125.67.67.197 www.msn.com
O1 - Hosts: 125.67.67.197 www.wikipedia.org
O1 - Hosts: 125.67.67.197 www.ebay.com
O1 - Hosts: 125.67.67.197 www.aol.com
O1 - Hosts: 125.67.67.197 www.craigslist.org
O1 - Hosts: 125.67.67.197 www.blogger.com
O1 - Hosts: 125.67.67.197 www.go.com
O1 - Hosts: 125.67.67.197 www.amazon.com
O1 - Hosts: 125.67.67.197 www.cnn.com
O1 - Hosts: 125.67.67.197 espn.go.com
O1 - Hosts: 125.67.67.197 www.espn.com
O1 - Hosts: 125.67.67.197 www.photobucket.com
O1 - Hosts: 125.67.67.197 www.microsoft.com
O1 - Hosts: 125.67.67.197 www.comcast.net
O1 - Hosts: 125.67.67.197 www.imdb.com
O1 - Hosts: 125.67.67.197 www.wordpress.com
O1 - Hosts: 125.67.67.197 www.nytimes.com
O1 - Hosts: 125.67.67.197 www.weather.com
O1 - Hosts: 125.67.67.197 www.ask.com
O1 - Hosts: 125.67.67.197 www.aim.com
O1 - Hosts: 125.67.67.197 www.apple.com
O1 -