Jump to content


Photo

Help! Browser Hijacked


  • Please log in to reply
6 replies to this topic

#1 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 01:55 PM

I dont use Internet Explorer as my default browser, but I use it now and again for various things. And now im noticing something...I always have my homepage set as a blank page, but now it keeps getting changed to
http:///
and it says "page cannot be displayed" and shit to that effect. I've changed it back to blank page about a million times, but it keeps going back to
http:///
and says page cannot be displayed and shit. Scanned with adaware/spybot s&d/and spysweeper, with latest definitions, solved nothing. Also use CWShredder almost everyday (latest version) now im' going to post my hijackthis! log and see if one of you experts can figure out my problem.-

Logfile of HijackThis v1.97.7
Scan saved at 1:54:49 PM, on 7/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Corey\My Documents\Hijackthis!\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.255.42.65 :80
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5E92F538-B50B-46c5-9C5F-C6EECED3F6C6} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Define - C:\WINDOWS\Web\ERS_DEF.HTM
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\ERS_SRC.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\WINDOWS\Web\ERS_ENC.HTM
O9 - Extra button: AIM (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - http://active.macrom...tor/cabs/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0401.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.micr...04/clearadj.cab

#2 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 02:05 PM

bump; sorry but this is kind of urgent, im leaving for vacation in about an hour and would really like to get this fixed before...

#3 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 02:30 PM

just ran spysweeper again, it removed "homepage hijacker" and some atwola cookie, but it seems like its removed the homepagehijacker before, so im wondering if its like coming back evertime or something. ive disabled system restore so it cant be in there....so...

help!

Edited by GHOST 1337, 23 July 2004 - 02:31 PM.


#4 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 02:52 PM

can i pleeeeeez get some help??

thx

#5 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 04:33 PM

bump

#6 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 04:55 PM

bump! someone fucking help me!!!!

#7 GHOST 1337

GHOST 1337

    Member

  • Full Member
  • Pip
  • 21 posts

Posted 23 July 2004 - 05:48 PM

bump :gasp:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button