Jump to content


Photo

Home page hijacked by sex sites


  • Please log in to reply
1 reply to this topic

#1 robocomp

robocomp

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 24 May 2004 - 07:43 AM

I am having trouble with a home page hijacked to a sex page. Any help would be appreciated.




Logfile of HijackThis v1.97.7
Scan saved at 11:59:03 PM, on 5/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Antivirus\Norton Personal Firewall 2003\NISUM.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Antivirus\Norton Personal Firewall 2003\ccPxySvc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Antivirus\NAV2003\navapsvc.exe
C:\Antivirus\NAV2003\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\BRMFRSMG.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodManager.exe
F:\Utilities\AccountLogon\AccountLogon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\system.exe
F:\Utilities\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.techbargains.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1521
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1521
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {99B11124-6FA5-4D8F-AADB-10E0941F55FC} - (no file)
O2 - BHO: (no name) - {B4785B20-3118-4B9C-A986-A786091F3F71} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {74B9575D-EC49-407F-BDBB-251DEDA442C7} - C:\WINDOWS\System32\mlgkpg.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: (no name) - {9FB534E3-67CB-4307-AE0A-9E8B5581BE2C} - C:\PROGRA~1\WINDOW~4\WinSB.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Antivirus\NAV2003\NavShExt.dll
O3 - Toolbar: Windows Search Bar - {A1DD937D-71E1-4BB5-BD5D-1B01B9CB1C2F} - C:\PROGRA~1\WINDOW~4\WinSB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\ANTIVI~1\NAV2003\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKCU\..\Run: [AccountLogon] F:\Utilities\AccountLogon\AccountLogon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-christopher milne.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program
Files\WebRebates\System\Temp\topr1150_script0.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-downlo...tsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7969.7170949074
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind....03C00/setup.exe
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ntrol_v1-32.cab
O19 - User stylesheet: C:\WINDOWS\color.css

#2 l0rdinfamousxx

l0rdinfamousxx

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 24 May 2004 - 07:49 AM

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search123.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\mlgkpg.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.techbargains.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1521
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html#1521
R3 - URLSearchHook: (no name) - _{1E432263-6841-4653-8F02-366A2F77E339} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000221} - (no file)
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) - {99B11124-6FA5-4D8F-AADB-10E0941F55FC} - (no file)
O2 - BHO: (no name) - {B4785B20-3118-4B9C-A986-A786091F3F71} - (no file)

these might be your problem




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button