Jump to content


Photo

Home page hijacker


  • Please log in to reply
3 replies to this topic

#1 harryroy

harryroy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 24 July 2004 - 04:30 AM

Hi,

I have read the FAQ, run spy bot and tried regedit.

The homepage keeps going to res://nguur.dll/index.html#37049.

Can any one help.

#2 pomp

pomp

    Forum Deity

  • Helper
  • PipPipPipPipPip
  • 1,163 posts

Posted 24 July 2004 - 07:44 AM

hello

Go here http://www.downloads...AboutBuster.zip download it and unzip to the desktop.


Boot up into safe mode by tapping F8 while it boots up.

Run about:buster about 3-4 times. Save the log it generates into a text file or anywhere you'd like. Boot back into normal mode, post the About:buster logs and a new hijackthis log. Thanks.




PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD

#3 harryroy

harryroy

    Member

  • New Member
  • Pip
  • 2 posts

Posted 26 July 2004 - 02:38 AM

Thank you for replying.

Buster los.

-- Scan 1 --------
About:Buster Version 1.31
Removed! : C:\WINDOWS\kbmifr.dat
Removed! : C:\WINDOWS\nguur.dll
Removed! : C:\WINDOWS\System32\javacv32.exe
Removed! : C:\WINDOWS\System32\kbmif.dat
Removed! : C:\WINDOWS\System32\ksrkr.dat
Removed! : C:\WINDOWS\System32\otipz.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 --------
About:Buster Version 1.31
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 3 --------
About:Buster Version 1.31
Attempted Clean Of Temp folder.
Pages Reset... Done!

Hijack Log

Logfile of HijackThis v1.98.0
Scan saved at 10:15:36, on 25/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\netclnd.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\apiyt.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\sdkrh32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nguur.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://nguur.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://nguur.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\nguur.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\nguur.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://nguur.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://photos.msn.co...21&locale=en-gb
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {DA607F98-7426-F515-81BC-B6FAA2D7AE86} - C:\WINDOWS\mswj32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [sdkrh32.exe] C:\WINDOWS\system32\sdkrh32.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\RunOnce: [DELDIR0.EXE] "C:\DOCUME~1\Owner\LOCALS~1\Temp\DELDIR0.EXE" "C:\Program Files\McAfee\McAfee Shared Components\Guardian\"
O4 - HKLM\..\RunOnce: [apiyt.exe] C:\WINDOWS\apiyt.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

#4 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 04 September 2004 - 04:35 PM

Sorry for the delay, if you still have problems post a fresh log please




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button