
Hijacked PC - CWS.SearchX Help Please


8 replies to this topic

#1 Olorin

Olorin

    Member

  • Full Member
  • Pip
  • 8 posts

Posted 06 June 2004 - 07:46 AM

Hi there.
Thanks for reading this.

I've been hijacked for quite some time now.
The symptoms are that when I open my browser, I get a Search page and sometimes even when I type a URL in the browser's address bar I get the same search page (with some pop-up too).

Anyway, I run CWShredder to get rid of the problem, followed by HijackThis.
All seems to be restored to what it should be like, but some time later (at the most about 1 day later) it all happens again.

Oddly enough, I've been offline for a while last week (the whole apartment complex had no connection) and CWS seemed to not be able to re-activate itself until I got back online this week.

I'm running HijackThis v.1.97.7 and CWShredder v.1.59.9.0 (updated online yesterday). CWShredder removes the CWS.SearchX variant.

Here's the log I get from HijackThis right after clearing the system via CWShredder; any suggestion on what to do next?

Thanks in advance for your time.
F.O.R.

=============
Hijack This log:
Logfile of HijackThis v1.97.7
Scan saved at 8:37:53 AM, on 6/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Logitech\iTouch\kbdtray.exe
C:\Documents and Settings\FRANCESCO RIZZI\My Documents\dloads\HijackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7876.4192361111
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.madonion...lobal/msc34.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
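
Because the hijack returns after each cleanup, one way to find what changed is to diff a log saved right after cleaning against one saved once the redirect reappears. The following is an added example, not part of the original post; both short logs are constructed, and the `placeholder` entry, its path and the `search.example.invalid` URL are made up for illustration.

```python
import re

# A HijackThis entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_log(text):
    """Return (running_processes, entries) parsed from one HijackThis log."""
    procs, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif match:
            in_procs = False
            entries.add((match.group(1), match.group(2)))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def diff_logs(baseline, later):
    """Processes and entries present in `later` but absent from `baseline`."""
    procs0, entries0 = parse_log(baseline)
    procs1, entries1 = parse_log(later)
    return sorted(procs1 - procs0), sorted(entries1 - entries0)

# Constructed sample: a few lines in the format of the log above.
BASELINE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

# Constructed sample: same log plus made-up additions (placeholder names only).
LATER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\EXAMPLE\placeholder.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [placeholder] C:\EXAMPLE\placeholder.exe
"""
```

Calling `diff_logs(BASELINE, LATER)` returns the one new process and the two new entries (an `O4` autorun and an `R1` search-page value), which are the lines to examine first.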

#2 Olorin


Posted 06 June 2004 - 08:00 AM

A few things you may need to know and I did not include in my original post:
I'm running on Win XP Home and MSIE 6.0.2800

Thanks,
F.O.R.

#3 Olorin


Posted 06 June 2004 - 06:47 PM

... [ bump ] ...

#4 Olorin


Posted 07 June 2004 - 06:37 AM

... [bump] ...
(I hope my bumping every 12 hrs is acceptable)

#5 Olorin


Posted 07 June 2004 - 06:54 PM

... [ bump ] ...
(no complaints on the bumping yet :-)

#6 Olorin


Posted 09 June 2004 - 04:45 PM

.. [ bump ] ...

please,
*getting desperate*
have pity :-)

#7 Olorin


Posted 10 June 2004 - 05:22 PM

...[[ bump ]]...

have mercy ?

#8 Olorin


Posted 15 June 2004 - 05:33 PM

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! ** H ** E ** L ** P ** !!
!! !!
!! P ** L ** E ** A ** S ** E !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

#9 centrus88

centrus88

    Member

  • Full Member
  • Pip
  • 24 posts

Posted 22 June 2004 - 04:56 PM

Same exact problem. It's hard getting a response on this forum; there's a lot of people and a limited number of helpers, I suppose :mellow:



