#1
Browser Hijacked/Spyware
I have been hijacked and cannot seem to find the culprit. I am hoping this is the correct place to post this. Below is a log from HijackThis:
Logfile of HijackThis v1.98.2
Scan saved at 2:13:32 PM, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUME~1\Art\LOCALS~1\Temp\Temporary Directory 1 for hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/index.jsp?PG=home&SEC=bnav
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://inside.arb.ca.gov/index.htm"); (C:\Documents and Settings\Art\Application Data\Mozilla\Profiles\default\0yyw4xsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1101029439718

Any help getting this stuff off my computer would be greatly appreciated!
#2
I forgot to mention I have loaded and run both Spybot and Adaware as well as PC Doctor; all of these seem to find different spyware programs, but none have nailed the offender. This started AFTER I mistakenly made Iwon.com my homepage. I have edited the reg key that lists iwon as the Main start page; lo and behold, once the regedit is closed it goes right back. If I change it under Internet Options it goes right back as well. I hope this helps. Thanks for looking at the file.
#3
I guess this was posted in the wrong place. I see that other posts like this were moved to cyber safety. I have reposted this there in hopes of finding someone who can decipher it. Very fed up with this stuff, wondering about going back to MAC, never had this with them!