All,
I posted this on an earlier thread and caperjack said I should start my own. Basically my default home page has been redirected every time I reboot to www.searchdot.net.
I have run Sypot and tried Hijeckthis.exe but they did not solve the problem. caper's reply indicated I shoudl run cwshredder.exe, then re-run hijachthis and post the log. I have done that. Seems that the home page issue was solved by the steps but I was hoping someone could take a quick look at the log and see if there is something else lurking in the shadows of my computer.

Thanks
Krakpipe


Logfile of HijackThis v1.97.7
Scan saved at 11:41:14 AM, on 2/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Games\TeamSpeak\TSServer_NTService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\DllHost.exe
C:\Program Files\Enterasys Networks\Aurorean\Aurorean.exe
C:\PROGRA~1\ENTERA~1\Aurorean\IRCONN~1.EXE
C:\Program Files\Enterasys Networks\Aurorean\irDeliverySvc.exe
C:\Program Files\Enterasys Networks\Aurorean\irkeyex.exe
C:\Program Files\Enterasys Networks\Aurorean\rx\bin\jrew.exe
C:\Tony\Spyware Removal\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.excite.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.excite.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar_en_2.0.107-big.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.107-big.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37655.8777662037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C0CE9FB-D96C-4841-8109-52BB5D1343E2}: NameServer = 192.124.15.8 192.124.15.3

Recommended Answers

All 9 Replies

thanks for moving it here .Looks great just fix a few more minor ones .

Make sure all browser windows are closed and run hijack again and have it fix these .

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about_:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about_:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about_:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about_:blank

I figured CWShredder would fix it but it is recommended to run SpyBot and Ad-Aware first .

See How I got Infected In the first place Also in my Signature .

Good Luck

Caperjack,
Thanks for the quick turn-around. I read, installed and implemented some quick security and system updates. The big one was SP1a for XP - this should close the JVM hole that a lot of this garbage exploited. I have more to read but I think I'll be safer for the moment.
I appreciate the help!

Krak

Glad i could help !

I also am having some serious problems on my computer. for the last few months i can not even get online to go to a website it redirects to various search engines that dont work such as NAVA and I lookup and porn and casino sites. i installed ad aware and spybot search and destroy and spyware blaster and it seems to be running a little faster but i cant seem to get my anti virus installed because i had to restart at a previous date on system recovery to even get online.

i had the same problem but got rid of it with adaware 6

Hey folks.

Please- Do not post your questions in someone else's pre-existing thread.

It becomes too confusing to keep track of which answers relate to which question. It also creates a lot of work for the moderators, as we have to weed through these "piggybacked" threads and untangle the mess by splitting out the piggybacked questions (and their answers) into separate threads.

Dani (the site Admin) has outlined our policy in the posting guidelines in the "Announcement" thread at the top of each forum. Please read those guidelines if haven't already:

"Every question or new thought should have its own thread. Replies to a previous post should be thread replies to that particular thread. Do not piggyback threads by posting your question as a reply to another question."

robinrofkar,

Please delete your post here and start your own thread.

Thanks

Thew need to be some way to locking the old threads once the problem is solved . to stop the piggiebacking

Thew need to be some way to locking the old threads once the problem is solved . to stop the piggiebacking

There definitely is- the mods have the ability to lock threads, but the problem is that quite often the original poster's question hasn't even been answered/solved before the piggybacking happens. We don't want to lock a thread at that point because in doing so we'd also be locking the original poster out of a solution.

Don't worry though, we now have The Sacred Wet Trout:

[img]http://www.stevewolfonline.com/Downloads/DMR/Visuals/fishwhack.gif[/img]


A couple of TroutSlaps, and even the most reticent members will fall in line...

:D:D:D

Follow-up:

Caperjack,

Because this thread's original question was apparently answered (by you) 2 months ago, and the thread-starter did seem to imply that your suggestions did the trick, I will mark this one as solved and lock it as well to prevent further "tagging onto".

(Dani- if you don't feel that this appropriate, please let me know ASAP)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.