Jump to content


Photo

E-Catalog.org Home Page Hijack


  • Please log in to reply
1 reply to this topic

#1 Florida

Florida

    Member

  • New Member
  • Pip
  • 2 posts

Posted 27 July 2004 - 06:48 AM

My home page has been hijacked. The startup page is always www.e-catalog.org. I have tried several spyware and adware removal tools with no success my HijackThis log is posted below. Any help would be appreciated.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\scagent.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\w32sup.exe
C:\WINDOWS\hrtcm.exe
C:\WINDOWS\System32\mcc.exe
C:\WINDOWS\System32\bxrtkio.exe
C:\Documents and Settings\user\Application Data\manr.exe
C:\WINDOWS\System32\NDrv.exe
C:\DOCUME~1\user\LOCALS~1\Temp\mcc.exe
C:\Program Files\HistoryKill\hkPopupKiller.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\user\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.e-catalog.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-catalog.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-catalog.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e-catalog.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.earthlink.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-catalog.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.e-catalog.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.e-catalog.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-catalog.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-catalog.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.earthlink.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-catalog.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-catalog.org
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll
O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.dll
O2 - BHO: (no name) - {FC1B1A8D-3DDA-4E70-8E5E-DC0200181E11} - C:\WINDOWS\madopew.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Hotkey] C:\WINDOWS\System32\hkeyman.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\System32\w32sup.exe
O4 - HKLM\..\Run: [hrtcm] C:\WINDOWS\hrtcm.exe
O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe
O4 - HKLM\..\Run: [lircjhkkg] C:\WINDOWS\System32\bxrtkio.exe
O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe
O4 - HKCU\..\Run: [Omrs] C:\Documents and Settings\user\Application Data\manr.exe
O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

#2 mmxx66

mmxx66

    The SWI drummer

  • Retired Staff
  • PipPipPipPipPip
  • 4,412 posts

Posted 04 September 2004 - 01:29 PM

Sorry for the delay, if you still have problems post a fresh log please




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button