Snitz Forums 2000 - Homepage keeps on changing

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Community Forums

Community Discussions (All other subjects)

Homepage keeps on changing

New Topic

Topic Locked

Printer Friendly

Author

Topic

lostinspace
Starting Member

2 Posts

Posted - 17 August 2004 : 06:32:01

My homepage keeps getting changed to http://your-searcher.com/sp.htm and it's driving me mad. Thought it might be a variant of coolweb search so I've run CWShredder which did detect and remove coolwebsearch but it keeps recurring.

Also, when I shut down the pc it says ending program Win Min and a few minutes later it says it can't shut down the program.

Can anyone help me stop this?

Here is acopy of the hijack this log:-

Logfile of HijackThis v1.97.7
Scan saved at 22:51:46, on 16/08/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Exif Launcher\QuickDCF.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlgn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC
2.EXE
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Edward\Local Settings\Temp\Temporary Directory 7 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgin.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PPWebCap] C:\PROGRA~1\ScanSoft\PAPERP~1\PPWebCap.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0
2.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\Exif Launcher\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: winlgn.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Suggestions (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...ol_v1-0-3-9.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all01.1and1.co.uk/app/sta...ivex/msxml4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab

Any help would be greatly appreciated.

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 17 August 2004 : 07:16:07

The homepage in your profile or the homepage in admin options? Have you made any changes to your forum recently?

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”

Podge
Support Moderator

Ireland
3776 Posts

Posted - 17 August 2004 : 08:16:10

Download Adaware (free last time I checked).

http://www.lavasoftusa.com/support/download/

Podge.

The Hunger Site - Click to donate free food | My Blog | Snitz 3.4.05 AutoInstall (Beta!)

My Mods: CAPTCHA Mod | GateKeeper Mod
Tutorial: Enable subscriptions on your board

Warning: The post above or below may contain nuts.

lostinspace
Starting Member

2 Posts

Posted - 17 August 2004 : 09:20:51

quote:
Originally posted by Shaggy

The homepage in your profile or the homepage in admin options? Have you made any changes to your forum recently?

The homepage when I'm surfing the net. I haven't made any changes to my forum lately.

When I was online last night looking at a site Norton Antivirus popped up and said "malicious script detected" so I left the site and logged off but ever since I keep getting diverted to this new homepage.

Podge
Support Moderator

Ireland
3776 Posts

Posted - 17 August 2004 : 13:37:07

AdAware should remove any spyware on your computer.

Roland
Advanced Member

Netherlands
9335 Posts

Posted - 17 August 2004 : 13:50:59

if ad-aware doesn't find it, give spybot search & distroy a go. Also free, and it's found some things on my computer that ad-aware didn't (and vice versa).

sr_erick
Senior Member

USA
1318 Posts

Posted - 18 August 2004 : 01:41:07

Also try Spysweeper at www.webroot.com It picks up a lot of things Spybot leaves behind. It's free as well.

Erick
Snowmobile Fanatics

pdrg
Support Moderator

United Kingdom
2897 Posts

Posted - 18 August 2004 : 04:44:06

xpsp2 will also help prevent reinfection

The Impact
Junior Member

Australia
398 Posts

Posted - 18 August 2004 : 05:50:32

http://your-searcher.com/help.htm

Might be some help to you, that uninstall.exe file may be useful.

Shaggy
Support Moderator

Ireland
6780 Posts

Posted - 18 August 2004 : 07:50:04

quote:
Originally posted by lostinspace
The homepage when I'm surfing the net.

If you'd posted this in the correct forum to start with, you would have received the help you were looking for much quicker.

Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”

Nathan
Help Moderator

USA
7664 Posts

Posted - 18 August 2004 : 12:26:22

Use Firefox

Nathan Bales
CoreBoard | Active Users Download

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.35 seconds.