Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech Forums - Register now for FREE

We're your place for tech questions. Join 87482 others, and join the conversation. Ask questions. Find answers. Share your ideas and opinions. Browse our community. You'll find experts who enjoy helping others. Who explain technical issues in a non-technical way that anyone can understand. Create an account today (it's 100% free)!

Create an Account Login to Account


Photo

Help! Ie Home Page Being Hijacked By Shopnav


  • This topic is locked This topic is locked
3 replies to this topic

#1 KMT

KMT

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 February 2004 - 01:12 PM

Here is the HijackThis log:
--------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 10:54:40 AM, on 2/6/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\svchost.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\System32\svchost.exe
C:\ePOAgent\FrameworkService.exe
c:\Program Files\Network Associates\VirusScan\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\Ibmmon.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\ePOAgent\UpdaterUI.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoas...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bbycgateway/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fsgateway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoas...rch/search.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Ibmmon.exe] Ibmmon.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\ePOAgent\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ShStatEXE] "c:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://fsgateway
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {CAFECAFE-0013-0001-0009-ABCDEFABCDEF} (JInitiator 1.3.1.9) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com

-------------------------------

Thanks!
KMT

#2 dave38

dave38

    Authentic Member

  • Authentic Member
  • PipPip
  • 82 posts

Posted 06 February 2004 - 02:33 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://pop.popuptoas...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://pop.popuptoas...rch/search.html

O2 - BHO: (no name) - {14b3d246-6274-40b5-8d50-6c2ade2ab29b} - C:\Program Files\Srng\SNHelper.dll

O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = itdmis02.futureshop.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itdmis02.futureshop.com,futureshop.com,bestbuycanada.ca,bestbuy.com


Reboot, and delete the folder C:\Program Files\Srng

These may be hidden files. See HERE for how to show hidden files.

#3 KMT

KMT

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 06 February 2004 - 02:58 PM

Thanks so much! This worked brilliantly. You guys are AWESOME! KMT

#4 cnm

cnm

    -

  • Visiting Fellow
  • PipPipPipPip
  • 654 posts

Posted 06 February 2004 - 06:46 PM

Glad we could help. :)
If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)

Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.




Similar Topics: Help! Ie Home Page Being Hijacked By Shopnav     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users