my home page is getting hijacked and everytime diverted to some site other than the one i have selected.
i did every thing suggested in do it be4 posting .adaware found 2 - 3 data miner, online scanning also found 4 problems..it deleted two files called osa.exe and two others it said giving problems notepad.com. rest like spybot and cws and tds gave a clean bill. i am posting the log of hijack this down below..thanks for all the gud work u guys r doing..
Logfile of HijackThis v1.99.1
Scan saved at 02:54:52, on 2005/06/12
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
D:\Program Files\Network Associates\VirusScan\avsynmgr.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\myCIO\PFW\MpfService.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\SndServ.exe
D:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\WINNT\system32\suss.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\EPOAgent\naimag32.exe
D:\Program Files\McAfee\Managed Firewall\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
D:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
D:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\kduneja\madhu\software\antispy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdocpa.dll/blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKLM\..\Run: [MpfTray] D:\Program Files\McAfee\Managed Firewall\MpfTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "D:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = D:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = D:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vscan.drsasap...in/myCioAgt.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CCS\Services\Tcpip\..\{C830DD0F-05DC-4CC1-B994-F485759D199B}: NameServer = 169.183.21.22,169.183.201.22
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - D:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.456.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - D:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\WINNT\myCIO\PFW\MpfService.exe
O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NAI ePolicy Orchestrator Agent (NAIMAGENT32) - Network Associates, Inc. - C:\EPOAgent\naimas32.exe
O23 - Service: SOE Send Service (SOE Wrap Send Service) - kd - C:\WINNT\system32\SndServ.exe
O23 - Service: SOE Admin Service (SysExec) - Unknown owner - C:\WINNT\system32\sysexec.exe (file missing)
thanx,
Honey.
PS :i can see RO has the name of page my browser is being directed to but i would act only after getting a reply