Jump to content


Photo

hijacked homepage


  • This topic is locked This topic is locked
6 replies to this topic

#1 p0p0

p0p0

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 May 2004 - 06:33 PM

i keep getting the dubolom homepage even though i use the program prescribed to get rid of it. ive also tried adaware cwshredder and search and destroy. none of them have worked and now im trying hijack this. if someone could help me out i would really appreciate it.
heres my log:

Logfile of HijackThis v1.97.7
Scan saved at 4:26:09 PM, on 5/19/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NIKON\NKVIEW\EVLSTNR.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BACKWEB-8876480.EXE
C:\PROGRAM FILES\POPUP ZAPPER\CSPOPUPZAPPER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEENGINE.EXE
C:\WINDOWS\DLLHELP.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://dubolom.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dubolom.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dubolom.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://dubolom.com/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [EVENTLISTENER] C:\Program Files\Nikon\NkView\EvLstnr.exe
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [ICSDCLT] C:\WINDOWS\rundll32.exe C:\WINDOWS\SYSTEM\icsdclt.dll,ICSClient
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe C:\PROGRA~1\AIM95\DeadAIM.ocm,ExportedCheckODLs
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Popup Zapper] C:\PROGRAM FILES\POPUP ZAPPER\CSPOPUPZAPPER.exe
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhelp.exe
O4 - HKCU\..\RunServices: [Desktop Architect] "C:\PROGRAM FILES\DESKTOP ARCHITECT\DATRAY.EXE" -S
O4 - HKCU\..\RunServices: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Steam] C:\Program Files\Steam\Steam.exe
O4 - HKCU\..\RunServices: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\RunServices: [Popup Zapper] C:\PROGRAM FILES\POPUP ZAPPER\CSPOPUPZAPPER.exe
O4 - HKCU\..\RunServices: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\RunServices: [dllhelp] c:\windows\dllhelp.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .gen: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll

#2 p0p0

p0p0

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 May 2004 - 06:51 PM

bump

#3 p0p0

p0p0

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 May 2004 - 07:02 PM

bump

#4 p0p0

p0p0

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 May 2004 - 07:57 PM

bump

#5 p0p0

p0p0

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 19 May 2004 - 10:39 PM

please help!

#6 bartman

bartman

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 22 May 2004 - 01:42 PM

Hi p0p0,

I just had the same problem. See the thread located at http://www.spywarein...?showtopic=1608.

Quinstar posts a great solution (although you can ignore the items that are related to the Alexa toolbar). The item that escaped my attempts at removal was the "O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe" located not only in the HijackThis register but also had to be manually deleted from C:/Program File/Internet Exlporer/IEngine.exe as a final step.

Hope this helps somewhat.

#7 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 22 May 2004 - 02:14 PM

p0p0, bartman is partly correct. There is another item in yourlog that must be removed as well.

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [dllhelp] c:\windows\dllhelp.exe
O4 - HKCU\..\RunServices: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\RunServices: [dllhelp] c:\windows\dllhelp.exe

Reboot, and delete

files
C:\Program Files\Internet Explorer\IEengine.exe
c:\windows\dllhelp.exe


These may be hidden files. See HERE for how to show hidden files.

Please post a followup Hijack this log, and say if the problems persist.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button