Jump to content


Photo

homepage hijacked and wasn't fixed by CWShredder


  • Please log in to reply
3 replies to this topic

#1 dgriffith25

dgriffith25

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 28 June 2004 - 11:25 AM

Having some problems with a friends computer. The homepage was hijacked and I came here because I've fixed problems on my computer with CWShredder in the past, but it didn't work for his.


Here's his log:

Logfile of HijackThis v1.97.7
Scan saved at 9:22:42 AM, on 6/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mstq.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\sysll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\STKF4NG3\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\imjvk.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjvk.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://imjvk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\imjvk.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://imjvk.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\imjvk.dll/sp.html#96676
F1 - win.ini: run=E:\setup.ins D:\setup.ins
O2 - BHO: (no name) - {395AC10C-9B60-248F-194C-9D8697C487C3} - C:\WINDOWS\system32\sdkqq32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [sysll32.exe] C:\WINDOWS\system32\sysll32.exe
O4 - HKLM\..\RunOnce: [mstq.exe] C:\WINDOWS\mstq.exe
O4 - HKLM\..\RunOnce: [apipb32.exe] C:\WINDOWS\apipb32.exe
O4 - HKLM\..\RunOnce: [syspi.exe] C:\WINDOWS\syspi.exe
O4 - HKLM\..\RunOnce: [netks.exe] C:\WINDOWS\system32\netks.exe
O4 - HKLM\..\RunOnce: [ntuu.exe] C:\WINDOWS\system32\ntuu.exe
O4 - HKLM\..\RunOnce: [crqk.exe] C:\WINDOWS\crqk.exe
O4 - HKLM\..\RunOnce: [appnn32.exe] C:\WINDOWS\system32\appnn32.exe
O4 - HKLM\..\RunOnce: [netsp32.exe] C:\WINDOWS\system32\netsp32.exe
O4 - HKLM\..\RunOnce: [d3va32.exe] C:\WINDOWS\system32\d3va32.exe
O4 - HKLM\..\RunOnce: [d3cw.exe] C:\WINDOWS\d3cw.exe
O4 - HKLM\..\RunOnce: [apizk.exe] C:\WINDOWS\system32\apizk.exe
O4 - HKLM\..\RunOnce: [sysvu32.exe] C:\WINDOWS\sysvu32.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{415AA471-6522-41A4-84B5-BD0B614CE552}: NameServer = 66.218.206.12 66.218.206.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{415AA471-6522-41A4-84B5-BD0B614CE552}: NameServer = 66.218.206.12 66.218.206.13

#2 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 28 June 2004 - 11:29 AM

Did you read ... This topic?

#3 dgriffith25

dgriffith25

    Member

  • Full Member
  • Pip
  • 10 posts

Posted 28 June 2004 - 11:33 AM

If Ad-Aware fixed my problems, I wouldn't be here right now :)

#4 PGPhantom

PGPhantom

    Superman of SWI

  • Emeritus
  • PipPipPipPipPip
  • 3,494 posts

Posted 28 June 2004 - 11:36 AM

Please follow the directions listed because the latest version of ad-aware does fix the problem that you are having. If you already have ad-aware, update the program and change the scanning instructions as listed ...

Reference file loaded:
Reference Number : 01R324 22.06.2004
Internal build : 256
File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
Total size : 1265402 Bytes
Signature data size : 1244925 Bytes
Reference data size : 20413 Bytes
Signatures total : 27677
Target categories : 10
Target families : 506




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button