Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

HELP-hijacked IE

Status
Not open for further replies.
Bodgit

Bodgit

IS-IT--Management
Dec 9, 2003
30
GB
Have tried cwshredder,spybot s&d and running AVG but everytime I restart the pc homepage goes back to and I go through the above again and it seems fixed until i restart. Any suggestions?

Logfile of HijackThis v1.97.7
Scan saved at 00:15:45, on 16/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\winmem32.exe
C:\WINDOWS\System32\LVComS.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Sony Handheld\USBSwt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll
O3 - Toolbar: AltaVista Toolbar - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient
 
Sort by date Sort by votes
See the FAQ, that's what they are here for: FAQ608-4650

Marc
[sub]If 'something' 'somewhere' gives 'some' error, expect random guesses or no replies at all. Please specify details.
Free Tip: The F1 Key does NOT destroy your PC![/sub]
 
Upvote 0 Downvote

Did you turn off system restore before running cwshredder, et al? If not, the problem will just come right back with the reboot.

Cheers.
 
Upvote 0 Downvote
switched off sytem restore also closed kazaa, pp manager and closed broadband connection
 
Upvote 0 Downvote
This looks like only a partial Hijack log.

I would be curious what this is:
winmem32.exe

Have Hijack remove:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
 
Upvote 0 Downvote
it´s a "keylogger" made by diablo and looks pretty nasty. have done what you say and homepage has now changed to I think I might just re-install os
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MeGustaXL
  • Locked
  • Question
IE11 - Country Problems
Replies
1
Views
133
Diancecht
Diancecht
goombawaho
  • Locked
  • Question
Error in IE11 on Windows 10
Replies
3
Views
125
goombawaho
goombawaho
kurio71
  • Locked
  • Question
IE11 Lockdown Advice
Replies
0
Views
59
kurio71
kurio71
GriffMG
  • Locked
  • Question
Windows opened with script do not show links. IE11
Replies
1
Views
109
GriffMG
GriffMG
OfficeAnimal
  • Locked
  • Question
How do I run a repair of IE11?
Replies
2
Views
94
OfficeAnimal
OfficeAnimal

Part and Inventory Search

Sponsor

Back
Top