#1
Been Hijacked
Hey, my start-up page on IE has been hijacked, and numerous other websites I go to tend to be redirected to other sites that I have no interest in viewing. I ran HijackThis and have saved the log file. Could someone please help me fix this problem?
Hijack this log file:

Logfile of HijackThis v1.97.7
Scan saved at 8:39:16 PM, on 4/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svcinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\WINDOWS\SOINTGR.EXE
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\altnet\points manager\points manager.exe
C:\WINDOWS\System32\olehelp.exe
C:\windows\winlogon.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\GEOFFB~1\LOCALS~1\Temp\xwxload.exe
C:\DOCUME~1\GEOFFB~1\LOCALS~1\Temp\msldf.exe
C:\Documents and Settings\Geoff Brookes\My Documents\My Received Files\hijackthis\HijackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\hbmkkdb.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = URL (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = URL (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = URL (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = URL (obfuscated)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\msxslab.dll
O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINDOWS\System32\DReplace.dll
O2 - BHO: (no name) - {6ECE33C3-CCFF-42EB-A223-E45C5A9E8984} - C:\WINDOWS\System32\hbmkkdb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXE
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [susp] C:\WINDOWS\susp.exe
O4 - HKLM\..\Run: [host] C:\WINDOWS\system32\hosts.vbs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
O4 - HKCU\..\Run: [olehelp] C:\WINDOWS\System32\olehelp.exe
O4 - HKCU\..\Run: [winlogon] c:\windows\winlogon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - URL
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - URL
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - URL
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - URL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - URL
#2
Hi AlltheSame,
Matty2004 has found a solution to this "hidden dll" problem. Please follow these instructions: http://www.spywareinfo.com/forums/i...showtopic=43492

Once complete, feel free to post a follow-up log.

Tom
__________________
HijackThis Ad-aware Spybot Search & Destroy SpywareBlaster SpywareGuard Housecall Online A/V Scan Please read the stickies at the top of the forum before posting!