Hi
I have a redirection of all my active browsers
(in my hosts file)
and pop up windows too on ramdom sites and times.
What is going on ? How do I remove it ?
I have windows xp home. ed........
Here is my log:
Logfile of HijackThis v1.99.0
Scan saved at 13:56:59, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
E:\Programmer\Winamp\winampa.exe
E:\Programmer\TrojanHunter 4.0\THGuard.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Programmer\MSN Messenger\MsnMsgr.Exe
E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
E:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
E:\PROGRA~1\ICQ\ICQ.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\Documents and Settings\ice\Skrivebord\antibug\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = internet explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "kontakt.ofir.dk"); (E:\Documents and Settings\ice\Application Data\Mozilla\Profiles\default\z4xr3x5m.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\ice\Application Data\Mozilla\Profiles\default\z4xr3x5m.slt\prefs.js)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Popup Ad Filter] E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] "E:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = E:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TeaTimer.exe.lnk = E:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - O23 - Service: Sony SPTI Service - Sony Corporation - E:\PROGRA~1\FLLESF~1\SONYSH~1\AVLib\Sptisrv.exe
Best Regards
iceb
I have a redirection of all my active browsers
(in my hosts file)
and pop up windows too on ramdom sites and times.
What is going on ? How do I remove it ?
I have windows xp home. ed........
Here is my log:
Logfile of HijackThis v1.99.0
Scan saved at 13:56:59, on 09-12-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
E:\Programmer\Winamp\winampa.exe
E:\Programmer\TrojanHunter 4.0\THGuard.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Programmer\MSN Messenger\MsnMsgr.Exe
E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
E:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
E:\PROGRA~1\ICQ\ICQ.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\Programmer\Internet Explorer\iexplore.exe
E:\Documents and Settings\ice\Skrivebord\antibug\hijackthis\hijackthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = internet explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cybercity.dk:8080
N3 - Netscape 7: user_pref("browser.startup.homepage", "kontakt.ofir.dk"); (E:\Documents and Settings\ice\Application Data\Mozilla\Profiles\default\z4xr3x5m.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://E%3A%5CProgrammer%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (E:\Documents and Settings\ice\Application Data\Mozilla\Profiles\default\z4xr3x5m.slt\prefs.js)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmer\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] E:\Programmer\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmer\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] E:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Popup Ad Filter] E:\Programmer\Meaya\Popup Ad Filter\PopFilter.exe
O4 - HKCU\..\Run: [SpySweeper] "E:\Programmer\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: Microsoft Office.lnk = E:\Programmer\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TeaTimer.exe.lnk = E:\Programmer\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {4169B5A0-9048-11D6-BDFF-00C0F024AF20} (ActiveXTester.TesterControl) - O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) -
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - O23 - Service: Sony SPTI Service - Sony Corporation - E:\PROGRA~1\FLLESF~1\SONYSH~1\AVLib\Sptisrv.exe
Best Regards
iceb