|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now! |
|
#1
May 21st, 2004, 10:37 AM
|
|||
|
|||
|
IE HIjacked by something --Hijackthis log included
when opening up IE i get tons of popups no matter what the homepage is set too.
I have run virus scans - nothing shows up as infected. I have run spybot and adaware and deleted what they find. I have removed registry entries to things that nolonger exist. and i am still having this problem obviously i have missed something somewhere but i just can't place my fingure on it. can you guys give this a look and see what i should remove. thanks Logfile of HijackThis v1.97.7 Scan saved at 11:32:34 AM, on 5/21/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\spoolsv.exe C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe C:\Windows\Cpqdiag\Cpqdfwag.exe C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\EPOAgent\naimas32.exe C:\Windows\System32\NMSSvc.exe C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\Program Files\RealVNC\WinVNC\winvnc.exe C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe C:\Windows\system32\rundll32.exe C:\Windows\Explorer.EXE C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE C:\EPOAgent\naimag32.exe C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe C:\Windows\system32\ntvdm.exe C:\Windows\NCLAUNCH.EXe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\FacetWin\fwagent.exe C:\Program Files\Network Associates\VirusScan\VsStat.exe C:\Program Files\Network Associates\VirusScan\Vshwin32.exe C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe C:\Program Files\Network Associates\VirusScan\Avconsol.exe C:\Program Files\Common Files\Network Associates\On Demand Scanner\Scan32\scan32.exe C:\hijackthis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = URL R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = URL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\Windows\System32\spool\drivers\w32x86\3\hpztsb06.exe O4 - HKLM\..\Run: [CSISetup] S:\PCSetup\disk1\setup.exe -fdailysetup.ins O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\winvnc.exe" -servicehelper O4 - HKLM\..\RunServices: [CPQDFWAG] C:\Windows\Cpqdiag\CpqDfwAg.exe O4 - HKCU\..\Run: [NCLaunch] C:\Windows\NCLAUNCH.EXe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: FacetWin Agent.lnk = C:\FacetWin\fwagent.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - URL O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - URL O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - URL O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - URL O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - URL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL O17 -
|
|
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > IE HIjacked by something --Hijackthis log included |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
