
IE6 hijacked [RESOLVED]


  • This topic is locked

#1
Ray1

Hello,
wonder if you can possibly help. I have a problem with IE6 in that whenever I connect to the internet I find that my homepage cannot be displayed.
On looking at the internet settings my homepage had been greyed out (which made me think of malware). I ran spybot to no avail, same with adware.
I ran Browser Hijack Restore from Major Geeks and that freed up the ability to change my homepage but didn't allow the page to load.

I am running Zone Labs with antivirus but the problem persists even when this is shut off.

I am hamstrung at the moment since I cannot download patches and such (my internet connection is seemingly unavailable). I have been using a second hard drive in my machine to download the above software and burning to cd to copy across to the original offending hard drive. My time is being eaten up!

One thing that has changed (though not sure exactly why) is that originally the internet connection was showing many packets sent and received, even though I couldn't use the connection. Since freeing the homepage there are what I would say are the right packets being sent and received (the numbers don't change when the link is sitting there idle).

My hijack this log is as below, really hope you guys can help!

Logfile of HijackThis v1.99.1
Scan saved at 21:10:45, on 30/07/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINNT\System32\ZoneLabs\isafe.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINNT\System32\svchost.exe
c:\mysql\bin\mysqld-nt.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\Zamaan's Software\Browser Hijack Retaliator 3\BHR3.exe
C:\SUSPEC~1\WinZip\winzip32.exe
C:\DOCUME~1\RAYBRO~1\LOCALS~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1E8C23C-51DE-4E06-ABB3-52828CF72A48}: NameServer = 195.92.195.95 195.92.195.94
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = UK.BA.COM,BAPLC.COM
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = UK.BA.COM,BAPLC.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = UK.BA.COM,BAPLC.COM
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINNT\System32\ZoneLabs\isafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: MySql - Unknown owner - c:\mysql\bin\mysqld-nt (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe


#2
Guest_usetobe_*

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...&DisplayLang=en
Apply the update, reboot, and post a fresh Hijack This log.

#3
Ray1

hi,
Pleased to say I have been able to clear the problem. Many thanks for your prompt reply,
Ray

#4
Guest_usetobe_*

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.