#1
Hi there,

I've read through a number of posts here to try and determine and fix (myself) a PC that keeps having the browser hijacked. I have done all of the Adaware and SpyBot stuff as well. Oh, and I have run CWShredder and that did not find anything either.

When opening a browser this is the typical page and popups that keep coming up: res://uzend.dll/index.html#96676

I have installed and run HijackThis and here are the results. Any assistance would be greatly appreciated.

Logfile of HijackThis v1.98.2
Scan saved at 15:25:37, on 13/08/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\msxh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\d3uj32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\sdkdq.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fgnbn.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prhnj.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://prhnj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://prhnj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\prhnj.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\fgnbn.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\prhnj.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://prhnj.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fgnbn.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\fgnbn.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = redsrvr1:8080
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {42B564F0-7ADE-60B1-EF1C-6A894D5FEF56} - C:\WINDOWS\system32\apizt32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [sdkdq.exe] C:\WINDOWS\system32\sdkdq.exe
O4 - HKLM\..\RunOnce: [d3ir.exe] C:\WINDOWS\system32\d3ir.exe
O4 - HKLM\..\RunOnce: [addzy.exe] C:\WINDOWS\system32\addzy.exe
O4 - HKLM\..\RunOnce: [msxc.exe] C:\WINDOWS\msxc.exe
O4 - HKLM\..\RunOnce: [ipcw32.exe] C:\WINDOWS\ipcw32.exe
O4 - HKLM\..\RunOnce: [ntra.exe] C:\WINDOWS\ntra.exe
O4 - HKLM\..\RunOnce: [sysbo.exe] C:\WINDOWS\sysbo.exe
O4 - HKLM\..\RunOnce: [sdkgq.exe] C:\WINDOWS\system32\sdkgq.exe
O4 - HKLM\..\RunOnce: [addcz.exe] C:\WINDOWS\system32\addcz.exe
O4 - HKLM\..\RunOnce: [apizc.exe] C:\WINDOWS\system32\apizc.exe
O4 - HKLM\..\RunOnce: [d3si.exe] C:\WINDOWS\d3si.exe
O4 - HKLM\..\RunOnce: [netkk32.exe] C:\WINDOWS\system32\netkk32.exe
O4 - HKLM\..\RunOnce: [msyi32.exe] C:\WINDOWS\msyi32.exe
O4 - HKLM\..\RunOnce: [ntup32.exe] C:\WINDOWS\ntup32.exe
O4 - HKLM\..\RunOnce: [winjm.exe] C:\WINDOWS\system32\winjm.exe
O4 - HKLM\..\RunOnce: [msbc.exe] C:\WINDOWS\msbc.exe
O4 - HKLM\..\RunOnce: [netjg.exe] C:\WINDOWS\netjg.exe
O4 - HKLM\..\RunOnce: [syswf32.exe] C:\WINDOWS\system32\syswf32.exe
O4 - HKLM\..\RunOnce: [ippf.exe] C:\WINDOWS\ippf.exe
O4 - HKLM\..\RunOnce: [sysyd.exe] C:\WINDOWS\system32\sysyd.exe
O4 - HKLM\..\RunOnce: [ntxl32.exe] C:\WINDOWS\system32\ntxl32.exe
O4 - HKLM\..\RunOnce: [apiuv.exe] C:\WINDOWS\system32\apiuv.exe
O4 - HKLM\..\RunOnce: [addov32.exe] C:\WINDOWS\system32\addov32.exe
O4 - HKLM\..\RunOnce: [javamx32.exe] C:\WINDOWS\system32\javamx32.exe
O4 - HKLM\..\RunOnce: [msle.exe] C:\WINDOWS\system32\msle.exe
O4 - HKLM\..\RunOnce: [apptr32.exe] C:\WINDOWS\system32\apptr32.exe
O4 - HKLM\..\RunOnce: [mfcrt32.exe] C:\WINDOWS\system32\mfcrt32.exe
O4 - HKLM\..\RunOnce: [addcp32.exe] C:\WINDOWS\addcp32.exe
O4 - HKLM\..\RunOnce: [crfk.exe] C:\WINDOWS\system32\crfk.exe
O4 - HKLM\..\RunOnce: [d3uj32.exe] C:\WINDOWS\d3uj32.exe
O4 - HKLM\..\RunOnce: [ipxs.exe] C:\WINDOWS\ipxs.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Spy Sweeper.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
#2
Here is an updated version after further trying to work this thing out. Sitting here on the 18th floor I'm so tempted to throw this PC out the window!

Logfile of HijackThis v1.98.2
Scan saved at 17:12:14, on 13/08/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\msxh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sdkdq.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\FNangreave\Desktop\Browser Fixes dont delete\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\uzend.dll/sp.html#96676
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {DCAB9C0C-A653-82EF-F2B8-5AF28CEE929C} - C:\WINDOWS\msar.dll
O4 - HKLM\..\Run: [sdkdq.exe] C:\WINDOWS\system32\sdkdq.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Registry Cleaner Scheduler] "C:\Program Files\CleanMyPC\Registry Cleaner\RCScheduler.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
| Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Yes.. Browser Hijacked |