looking for help with address bar redirector

Posted 01 July 2004 - 10:24 PM

I just want to start out by thanking you all in advance for the very helpful site and forums; it's good to know that not everyone on the internet is trying to screw you over.

Now onto my problem (I have read the FAQ and followed its recommendations). The first thing I noticed was my home page being changed to 'res://xognj.dll/index.html#96676'. This of course resets itself every time I restart IE. Another problem is that when I enter any site into the address bar, instead of going to that page I go to another search-type page, 'res://xognj.dll/url_error.html#hotmail.com' (in this case I entered hotmail.com), which is titled "Windows Help Center" and tells me I entered the wrong address (I didn't) and helpfully gives me the correct link. Finally, I've been getting more than the usual amount of popups, including one when I start IE.

Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:21:48 PM, on 7/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Brian\My Documents\utilties\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xognj.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xognj.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xognj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xognj.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://xognj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xognj.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {F20ED84C-D847-D6C7-F794-2ED9DCB4B4D1} - C:\WINDOWS\javasy.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Documents and Settings\Brian\My Documents\utilties\d-tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iegf.exe] C:\WINDOWS\system32\iegf.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8158.5448263889
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

Thanks for any help in advance,
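An added example, not part of the original post: a small Python triage helper that reads the R0/R1 lines of a HijackThis log like the one above and groups every Internet Explorer setting whose value is a `res://` URL by the DLL it loads from. The function name `res_settings_by_module` and the regular expressions are this example's own; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\xognj.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://xognj.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://xognj.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\xognj.dll/sp.html#96676
O4 - HKLM\..\Run: [vptray] c:\PROGRA~1\SYMANT~1\VPTray.exe
"""

# R0/R1 lines look like: "R1 - <hive>\<key path>,<value name> = <data>"
R_LINE = re.compile(r"^R[01] - (HKCU|HKLM)\\[^,]+,(.+?) = (.*)$")
# res://<module>/<resource>; <module> may be a bare name or a full Windows path
RES_URL = re.compile(r"^res://([^/]+)/", re.IGNORECASE)


def res_settings_by_module(log_text):
    """Map each DLL named in a res:// value to the IE settings pointing at it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        entry = R_LINE.match(line.strip())
        if not entry:
            continue  # not an R0/R1 (IE start/search page) line
        hive, value_name, data = entry.groups()
        res = RES_URL.match(data)
        if not res:
            continue  # ordinary http/about value, nothing to group
        # Reduce "C:\WINDOWS\xognj.dll" and "xognj.dll" to the same key
        module = res.group(1).split("\\")[-1].lower()
        found[module].append(f"{hive}:{value_name}")
    return {module: sorted(names) for module, names in found.items()}


if __name__ == "__main__":
    for module, settings in res_settings_by_module(SAMPLE_LOG).items():
        print(module, "<-", ", ".join(settings))
```

Run against the full log, this lists which start-page and search-page values load from the same DLL in both HKCU and HKLM, which is why resetting only the home page in IE does not stick.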

Posted 05 July 2004 - 02:57 PM

Hi bjh349,

If you are still having your hijack concern, let's do this:

First, please put HJT in a Permanent folder.
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have a C:\HJT\ folder. Put your HijackThis.exe there, and double-click to run it.
This will allow backups to be made and saved by HijackThis in case something goes wrong.
Follow this link http://www.netstar.me.uk/hjt/hjt.html if you need help.

About:Buster has been updated, so let's try this:
Please download About:Buster http://downloads.sub...AboutBuster.zip and unzip it to your desktop.
Start it, hit OK, Start, and OK to start the scan. It will generate a log. Post that log along with a new HijackThis log here.

(There is a newer version of HJT. You can get it here.)

