Feb 6 2004, 01:12 PM
Post #1
New Member Group: New Member Posts: 2 Joined: 6-February 04 Member No.: 3,017
--------------------------------
Logfile of HijackThis v1.97.7
Scan saved at 10:54:40 AM, on 2/6/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\svchost.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\svchost.exe
C:\ePOAgent\FrameworkService.exe
c:\Program Files\Network Associates\VirusScan\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\Ibmmon.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\ePOAgent\UpdaterUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9894/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbycgateway/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fsgateway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9894/search/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Ibmmon.exe] Ibmmon.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://fsgateway
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
-------------------------------
Thanks!
KMT
Feb 6 2004, 02:33 PM
Post #2
Authentic Member Group: Visiting Tech Posts: 82 Joined: 26-November 03 From: taunton Somerset Member No.: 1,048 Operating System: winxp, win98, and suse linux
Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9894/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoast.com/9894/search/search.html
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
Reboot, and delete the folder C:\Program Files\Srng. These may be hidden files. See HERE for how to show hidden files.
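Both autostart entries flagged in post #2 (the O2 BHO and the O4 Run value) load files from the Srng folder the reply says to delete, and the Run value is written without a drive letter. The sketch below is an added example, not code from the thread or from HijackThis: it parses entry lines in the format shown in the log and lists every O2 or O4 Run-key entry under a given folder, ignoring the drive prefix. The function names are hypothetical and the sample is constructed from lines in post #1.

```python
import ntpath
import re

# Constructed sample: six entry lines copied from the log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoast.com/9894/search/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Executable part of a command line: a quoted path, or text up to the extension.
COMMAND = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|ocx))', re.I)

def parse(log):
    """Yield (code, detail) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def target(code, detail):
    """File loaded by an O2 (BHO) or O4 Run-key entry, else None."""
    if code == "O2":                       # BHO: name - {CLSID} - file
        return detail.rsplit(" - ", 1)[-1]
    if code == "O4" and "] " in detail:    # HKxx\..\Run: [value name] command line
        m = COMMAND.match(detail.split("] ", 1)[1])
        return (m.group(1) or m.group(2)) if m else None
    return None

def folder_key(path):
    """Lower-case parent folder without the drive letter ('' for a bare file name)."""
    return ntpath.dirname(ntpath.splitdrive(path)[1]).lower()

def entries_under(log, folder):
    """Entries whose target sits in `folder` or a subfolder of it, drive ignored."""
    want = ntpath.splitdrive(folder)[1].lower().rstrip("\\")
    hits = []
    for code, detail in parse(log):
        path = target(code, detail)
        key = folder_key(path) if path else ""
        if key and (key == want or key.startswith(want + "\\")):
            hits.append((code, detail))
    return hits
```

Entries that name only a file, such as `ctfmon.exe`, carry no folder in the log and are never matched to one.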
Feb 6 2004, 02:58 PM
Post #3
New Member Group: New Member Posts: 2 Joined: 6-February 04 Member No.: 3,017
Thanks so much! This worked brilliantly. You guys are AWESOME!
KMT
Feb 6 2004, 06:46 PM
Post #4
Group: Visiting Staff Posts: 661 Joined: 10-May 03 Member No.: 4
Glad we could help.
If you need this topic reopened, please request this by sending an email to us at the following link (Click for address). Include your post user name and detail why you need it reopened with a valid link to your post. Any bad links or emails that are not from the original poster will be deleted without response. Any emails without the subject "Reopen" will be deleted without being looked at. If this is not your thread please start a New Topic.