|
|
|||||||
| Spyware Cleaning Section Closed!! |
| Notice: The spyware cleaning (HijackThis) section is closed. Wilders Security no longer provides one on one spyware cleaning assistance. Please see this announcement for a list of websites that provide such services. |
|
|
Thread Tools | Search this Thread |
|
#1
May 22nd, 2004, 11:43 PM
|
|||
|
|||
"Hijacked" with a twist
Well now, not only has my browser been hijacked but I am not allowed to left click on "My Computer" nor am I allowed to use "Tools > Internet Options > General > Settings > View Objects". My computer freezes if I attempt either. I have run ad-aware, hijackthis and norton anti-virus until I am blue in the face. I have emptied my temp files and cleared cookies. I am now going to post my hijackthis log in case anyone has come across the same problems and could make a suggestion. Thanks in advance. By the way, I've "Fix Checked" all of those named "http://cashsearch.biz/redir.php". They keep returning.
PS: I would love to know who owns this domain name. They need to receive a nasty email along with a lawsuit. Logfile of HijackThis v1.97.7 Scan saved at 11:32:43 PM, on 5/22/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\HIDSERV.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE C:\WINDOWS\SYSTEM\HPZTSB04.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\WINDOWS\LOADQM.EXE C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE C:\WINDOWS\GWHOTKEY.EXE C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cashsearch.biz/redir.php R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cashsearch.biz/redir.php R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://cashsearch.biz/redir.php N3 - Netscape 7: user_pref("browser.startup.homepage", "http://news.bbc.co.uk"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\nnih4lzd.slt\prefs.js) N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\nnih4lzd.slt\prefs.js) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_16_0.DLL O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_3_16_0.DLL O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.EXE -off O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [bpcpost.exe] C:\WINDOWS\SYSTEM\bpcpost.exe O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O12 - Plugin for .asp: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll O12 - Plugin for .mpeg: C:\WINDOWS\DESKTOP\BROWSERS\PLUGINS\npqtplugin3.dll O15 - Trusted Zone: http://*.windowsupdate.com O15 - Trusted Zone: http://*.windowsupdate.microsoft.com O15 - Trusted Zone: http://loginnet.passport.com O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...7864.507337963 O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productu...ntent/opuc.cab |
|
#2
May 23rd, 2004, 05:28 AM
|
||||
|
||||
|
Re: "Hijacked" with a twist
Hi Stephen,
Can you please download and run this tool : http://www.zerosrealm.com/downloads/pv.zip Unzip to folder of choice and doubleclick on runme9x.bat A log will open, can you please post that log here? Thnx Cheers, |
|
#3
May 23rd, 2004, 07:38 AM
|
|||
|
|||
|
Re: "Hijacked" with a twist
Hello Unzy,
I did what you asked. I clicked on the runme9x.bat and a menu popped up. The first three choices came up as bad command or file name. The fourth one I could access. Did you want a log from all five choices? Thanks. Stephen |
|
#4
May 23rd, 2004, 08:14 AM
|
||||
|
||||
|
Re: "Hijacked" with a twist
I needed a log from option 1
Sorry I forgot to mention that. Is there no log created after running option one? If an error box pops up, you can just click OK, that can happen if you have scriptblocking or so Make sure you : -Unzipped to a folder -You are online -And have one internet window open (startpage or so, or whatever) Thnx Cheers, |
|
#5
May 23rd, 2004, 10:01 AM
|
|||
|
|||
|
Re: "Hijacked" with a twist
Hi,
No good. I clicked on option 1 and a blank notepad box appeared entitled "log". |
|
#7
May 23rd, 2004, 10:17 AM
|
|||
|
|||
|
Re: "Hijacked" with a twist
ok. I've made a copy of the file and put it in it's own folder. please excuse the time delay. when I try and do certain things on my computer it freezes and I am constantly rebooting. thanks for your assistance.
|
| « Previous Thread | Next Thread » |
| Thread Tools | Search this Thread |
|
|
