Hijack This log plz help fix


5 replies to this topic

#1 Just_Matt


Posted 26 June 2004 - 11:40 AM

Hey,
I have the problem of my homepage always being changed back to about:blank and it has some search page there. Also there are about 5 different pop-ups that I get very often.
I have Ad-Aware 6.0, Spybot S&D, RegScrub XP and Norton Antivirus 2002.
HijackThis is in a folder called HJT on C:\
Here is my logfile, could someone please have a look through it?


Logfile of HijackThis v1.97.7
Scan saved at 2:38:40 AM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\MSN Messenger\MsgPlus1.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bigpond.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Owner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O1 - Hosts: 62.93.200.61 irc.westwood.com
O1 - Hosts: 62.93.200.61 servserv.westwood.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3A840327-7E7B-4D41-A68A-0E4EA481F915} - C:\WINDOWS\System32\jffhdjc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus1.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MSN Messenger\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28177.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/...h/v2/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab27571.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.48.49/g...d8_2_0_0_19.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7212FC9F-B38D-45C2-985F-CD2DC82CFC3A}: NameServer = 203.49.70.92 139.134.2.190

#2 Just_Matt


Posted 02 July 2004 - 03:50 AM

Ay, people, I still need help. Do you know how annoying this is?

#3 gradders


Posted 02 July 2004 - 03:55 AM

I had the same problem.

This helped me:
http://www.rokop-sec...cle.php?sid=746

You can also find it in Google by entering

sphjfix.exe


Gradders

#4 Just_Matt


Posted 06 July 2004 - 03:52 AM

Okay, tried that and restarted and everything, but it still hasn't fixed it.
I can get a screenshot of the homepage it keeps going to, if that helps anyone?
Has anyone else fixed this program?

#5 Lynda


Posted 06 July 2004 - 04:03 AM

Hey Matt... I feel for ya... I'm going through the same thing but I don't know what to do either... If you have any luck... let me know

Lynda

#6 Lynda


Posted 08 July 2004 - 01:39 AM

Hi Matt

My browser was also having this trouble. The site it was hijacked to go to was searchweb2.com. My puter also had popups and it would redirect any address through their address. I went to the site and clicked on their help link and it had a list of "uninstall our software from your computer" and "uninstall our toolbar from your computer". I ran both of these programs and it has since stopped. Try going to the site and looking for an uninstaller...

Lynda



