Web Browsers RSS Web Browsers RSS

IE6 hijacked - cwshredder&hijackthis can´t clear it

Reply

Join Date: Oct 2003
Posts: 21
Reputation: Ron Wolpa is an unknown quantity at this point 
Solved Threads: 0
Ron Wolpa's Avatar
Ron Wolpa Ron Wolpa is offline Offline
Newbie Poster

IE6 hijacked - cwshredder&hijackthis can´t clear it

 
0
  #1
Aug 21st, 2004
aug 21 2004

IE6 has been hijacked ;

http://homepage.com/ is the start page now ;
(Start page entry is :
http://%68%6F%6D%65%70%61%67%65%2E%6...%63%63/%68%70/ )

I tried to run CWShredder v1.59.1 and hijackthis v1.98.2 ;

CWShredder´s Restoring Internet Explorer Pages item suceeds to clear 18 items ; The 1st time I open IE6 after using CWShredder , it opens a blank page , then I close to test it and open a 2nd time , so the hijacking page is back as start page ;

I ran hijackthis v1.98.2 , but without success :

browser helper object C:\DPE.dll has been found , I check it to be fixed , but
it gets back ;
At the end of this post I will paste hijackthis LOG ;

It is interesting to note that I have the useless SpywareBlaster Version 3.2 which would be a protection against hijacking (by the looks of it I will remove it......feeling cross about that) ;

Well friends I count on you for some help ;

Cheers
RW
.....................................................................................................
Logfile of HijackThis v1.98.2
Scan saved at 21:17:24, on 21/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\ADMUNCHER\ADMUNCH.EXE
C:\WINDOWS\SYSTEM\FPPDIS2A.EXE
C:\VITALAGENT8\VITALAGENT\PROGRAM\VTLAGENT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\MSXMIDI.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\ARQUIVOS DE PROGRAMAS\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\!_DOWNLOAD\!_IE6_SETUP_SECURITY\IE_SECURITY\HIJACKTHIS\HIJACKTHIS_V1.98.2.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.com%00@www.e-finder.cc/hp/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://homepage.com%00@www.e-finder.cc/search/ (obfuscated)
O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\DPE.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Ad Muncher] C:\ADMUNCHER\ADMUNCH.EXE /bt
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\SYSTEM\fppdis2a.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: MyVitalAgent.lnk = C:\vitalagent8\VitalAgent\Program\VtlAgent.exe
O4 - Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\getright502\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\getright502\GRbrowse.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\icq\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\icq\ICQ.exe
O13 - DefaultPrefix: http://%65%68%74%74%70%2E%63%63/?
O13 - WWW Prefix: http://%65%68%74%74%70%2E%63%63/?
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {D9CE2963-8547-4C18-A4CE-DA27278310D8} (Instalador Remoto UOL) - http://download.uol.com.br/discadorU...iveInstall.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab28578.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab28578.cab
O16 - DPF: {F1835D04-7CCF-489E-8184-C08A1F682169} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

.....................................................................................................
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Web Browsers Forum
Thread Tools Search this Thread



aiim2009 android aol apple awesomebar background britain browser browserproblems browsers browsing budget bug bughunt censorship childabuse china chrome client code compuserve contest crash defect development dns email error europe exploit explorer facebook fennec firefox gecko google government history ie7 ie8 internet internet.broadband internetexplorer internetexplorer8 internetusage iphone leak linux malware marshallmcluhan media memory microsoft mitmedialab mobile mobilebrowsers mosaic mozilla music networking news newspapers newyork offline olympics onlinecommunities opensource opera opera.software patch plugins porn privacy problem safari seamonkey security sex silverlight social software surveys teenagers television testing thunderbird twitter u.s. uk update usenet utest video web webbrowser webdevelopment wikipedia windowslivemail worldrecord worldwideweb
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC