WTF virus!!!! Home Page Resetting Itself.. help please *pics*

Discussion in 'OT Technology' started by j1o, Apr 28, 2006.

  1. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area
    The other night I downloaded some "music" and I started getting these popups about spyware. They come up every few minutes when I'm online, and my homepage also resets every time I start a new internet session (see pic). Also, AVG has given me several warnings about some kind of potential trojan in my temp internet files. I clicked on "heal problem" or "delete file" every time but I still get the warnings.

    I rebooted in safe mode and ran Spybot, Ad-Aware, and AVG Free but I'm still having the problem. Any suggestions?

    This is what my home page keeps getting changed to:
    [IMG]

    And this is one of the error messages I'm getting:
    [IMG]
     
  2. Wolf68k

    Wolf68k OT Supporter

    Joined:
    Dec 18, 2003
    Messages:
    4,861
    Likes Received:
    2
    Location:
    Houston, Texas
  3. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area

    First, thanks for your help!
    OK, here is what I got... make anything of it?
    Code:
     
     
    Logfile of HijackThis v1.99.1
    Scan saved at 3:14:37 PM, on 4/28/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\dcomcfg.exe
    C:\WINDOWS\System32\00THotkey.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    C:\WINDOWS\System32\TFNF5.exe
    C:\WINDOWS\System32\TPWRTRAY.EXE
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Common Files\AOL\1143963736\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\toshiba\ivp\ism\ivpsvmgr.exe
    c:\program files\common files\aol\1143963736\ee\aim6.exe
    C:\Documents and Settings\me\Desktop\programs\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp9588.tmp
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
    O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
    O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1143963736\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    
     
  4. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area
    anyone?
     
  5. Soren

    Soren OT Supporter

    Joined:
    Oct 9, 2002
    Messages:
    37,554
    Likes Received:
    5
    system restore before it happened if you can
     
  6. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area
    I suck at the computer... how?
     
  7. Wolf68k

    Wolf68k OT Supporter

    Joined:
    Dec 18, 2003
    Messages:
    4,861
    Likes Received:
    2
    Location:
    Houston, Texas
    Give me a few. I had things to do.
     
  8. Wolf68k

    Wolf68k OT Supporter

    Joined:
    Dec 18, 2003
    Messages:
    4,861
    Likes Received:
    2
    Location:
    Houston, Texas
    C:\WINDOWS\System32\dcomcfg.exe
    Delete this file.
    Also look in Windows\Temp\ for APIHELP.CHM and delete it as well.

    Make sure that Ad-Aware and Spybot are completely up to date.

    That info that was so-called collected, any web site can collect that info. If I could remember the URL I can show you an image that would show your info.

    As for the virus that they say was collected, you can read about it here http:[email protected]
    But no worries, it doesn't seem like you have it.
     
    Last edited: Apr 29, 2006
  9. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area
    OK, I deleted both.

    I update Ad-Aware and Spybot every time I run them.
     
  10. kYd

    kYd New Member

    Joined:
    Dec 31, 2005
    Messages:
    5,881
    Likes Received:
    0
    Location:
    England, Nottingham
    Get rid of the line
    Code:
    O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp9588.tmp
    Download this:
    http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Unzip and open smitfraudfix.cmd.
    Select option 2 and enter yes to clean the reg, select yes to replace files. Reboot. Get Firefox.
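
A triage sketch for the two entries the replies above single out (the `dcomcfg.exe` process and the `O2 - BHO` line pointing at a `.tmp` file); this is an added example, not part of the thread and not HijackThis code. The `KNOWN_SYSTEM` allow-list, the 0.85 similarity cutoff and the `triage` function are assumptions made for illustration, and the sample is an excerpt of the log posted earlier in the thread.

```python
import difflib
import re
from pathlib import PureWindowsPath

# Assumption: small illustrative allow-list of genuine Windows binary names.
KNOWN_SYSTEM = ["svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "spoolsv.exe", "smss.exe", "explorer.exe", "dcomcnfg.exe"]
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")

# Excerpt of the HijackThis log posted earlier in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\WINDOWS\System32\igfxtray.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp9588.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
"""

def triage(log_text):
    """Return (reason, item, detail) tuples for entries worth a manual look."""
    findings, in_procs = [], False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if ENTRY_RE.match(line):          # first R/O entry ends the process list
            in_procs = False
        if in_procs and line:
            name = PureWindowsPath(line).name.lower()
            # Near-miss of a system binary name (not an exact match) is suspicious.
            near = difflib.get_close_matches(name, KNOWN_SYSTEM, n=1, cutoff=0.85)
            if near and name not in KNOWN_SYSTEM:
                findings.append(("lookalike-process", line, near[0]))
            continue
        bho = BHO_RE.match(line)
        # A Browser Helper Object is a COM DLL; any other extension is odd.
        if bho and PureWindowsPath(bho["path"]).suffix.lower() not in (".dll", ".ocx"):
            findings.append(("bho-odd-module", bho["clsid"], bho["path"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from either rule is a prompt to inspect the file (location, signature, AV scan), not proof that it is malicious.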
     
  11. Doc Brown

    Doc Brown Don't make me make you my hobby

    Joined:
    Mar 31, 2006
    Messages:
    16,404
    Likes Received:
    0
    Location:
    Ohio
    It never fails. Any time someone has that sort of thing on their computer, you can just about bet that they have online gambling software, smiley programs, chat software.
    (or surf a lot of porn or warez sites)
     
  12. j1o

    j1o snatch snatcher

    Joined:
    Oct 16, 2004
    Messages:
    320
    Likes Received:
    0
    Location:
    bay area
    Yep, Party Poker owns me

    but I own the fish.

    Thanks all, I finally got everything fixed.
     
  13. Nefarious77

    Nefarious77 Guest

    I had to deal with something similar on a client desktop about a year ago. PITA.
     