Wonderin if any1 knows how to fix this prob. been readin the forum and tried the suggestionz but still it remainz.
A hijacked browser changed to http:\\thenewsearch.com\search.html, i got hijackthis, spybot s&d,n avast but it still managed to get through, bit slack on the updates i guess. avast says infected with the virus win32 trojano-141 but read it was not a virus but a hijacked browser
Running Windows XP
Here is the log file determined by hijackthis
Logfile of HijackThis v1.98.2
Scan saved at 12:05:34 AM, on 27/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sllights.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis19802.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,Search =
http://thenewsearch.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://thenewsearch.com/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer,Search =
http://thenewsearch.com/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL =
http://thenewsearch.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://thenewsearch.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://thenewsearch.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://thenewsearch.com/search.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://thenewsearch.com/thenewsearch.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://thenewsearch.com/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://thenewsearch.com/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://thenewsearch.com/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://thenewsearch.com/thenewsearch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://thenewsearch.com/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://thenewsearch.com/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://thenewsearch.com/search.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://thenewsearch.com/search.htmlO1 - Hosts: 69.50.173.250 auto.search.msn.com
O1 - Hosts: 69.50.173.250 auto.search.msn.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A370DF5E-F361-438D-A86C-DABAF10D44AB}: NameServer = 203.89.226.26 203.89.226.24
If any1 knows whats wrong it would be much appreciated news. cheers