internet explorer HIJACK

Status
Not open for further replies.

Alive_Hunter

In the zone
My Internet Explorer has been hijacked.

By default it's opening some search site.

I tried cleaning it with many spy software but in vain.

Please help..

And where can I download the full offline setup of the latest Microsoft Internet Explorer?

Waiting for reply...
 

swatkat

Technomancer
ok, now it's time for some hands on job...download and run HijackThis, and Scan ur system and Save the Log file.....then post the content of Log file here....let's check out the bad things in ur computer....

*www.spychecker.com/program/hijackthis.html

MS only gives tip of the full IE installation, and it downloads the programs required while installing, this is irritating...u can find IE 6 SP1 in all of the Electronics For You Magazine's CD, in the Popular Repeats section, try to get it....
 

babumuchhala

In the zone
Did u try the Microsoft AntiSpyware bcos it catches even a small damn change in IE. MS AS is the best fr IE hijack repairs.

Dude better shift to Firefox
 

enoonmai

Cyborg Agent
Follow swatkat's suggestion and post a HJT log file so we can get a clearer idea. However, spyware removers are also like antivirus programs and need to be updated with the latest detection updates to root out the spyware completely. The best thing to do is to either use BHODemon 2.0 and then chuck the browser hijack out, or use Spybot S&D with the latest advanced library checks and the detection library and then once you root the spyware out, please make sure you run the system protection (TeaTimer.exe) at all times to prevent any unwanted registry changes.
 

Alive_Hunter

In the zone
HijackThis.log file

The below mentioned is the log file txt. for HijackThis

--------------------------------------------------------------------------------------

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\OSITIS~1\WINPRO~1\WPService.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\bowc87jnwgkvnthd.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Ositis Software\WinProxy 5\WinProxy.exe
C:\PROGRA~1\OSITIS~1\WINPRO~1\WPDebug.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DAP\DAP.exe
D:\utilities\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = *letgohome.com/sp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *letgohome.com/sp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *letgohome.com/hp.htm?id=11305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *letgohome.com/sp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\dbq3lgji.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\user\Application Data\Mozilla\Profiles\default\dbq3lgji.slt\prefs.js)
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\system32\W8C6S4~1.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\bowc87jnwgkvnthd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINNT\dnscleaner.exe
O4 - Startup: WinProxy.lnk = C:\Program Files\Ositis Software\WinProxy 5\WinProxy.exe
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O4 - Global Startup: winlogin.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!*toprefsys.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c18.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{50B5FEE5-126B-4CB6-9066-9D12CFBD72EF}: NameServer = 203.94.227.70 203.94.243.70
O20 - AppInit_DLLs: z1rdigkznocx5dl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-------------------------------------------------------------------------------------

Please help me ..

I am waiting for reply.........


 

techno_funky

da' Ťurntable ruleth
Re: HijackThis.log file

Alive_Hunter said:
The below mentioned is the log file txt. for HijackThis

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = *letgohome.com/sp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *letgohome.com/sp.htm?id=11305 --- remove
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305 --- remove
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *letgohome.com/hp.htm?id=11305 ---- remove
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305 --- remove
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *letgohome.com/sp.htm?id=11305 --- remove



remove the ones marked in red
i.e. tick them and click "Fix checked"
I am suspicious of the one in bold
lets see what others say
 

swatkat

Technomancer
Re: HijackThis.log file

wow...lots of baddies here....

Alive_Hunter said:
The below mentioned is the log file txt. for HijackThis


in HijackThis, select the entries which are marked in red and click Fix.....
Restart in Safe mode, and then delete these files using Find utility of Windows:-
C:\WINNT\system32\W8C6S4~1.DLL
C:\foo.mht!*toprefsys.com/G7/chm10.chm::/ieloader.exe
ieloader.exe
z1rdigkznocx5dl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dl
bowc87jnwgkvnthd.exe

then, restart and clean the junk left behind by using, Cleanup! and CCleaner...
*cleanup.stevengould.org/
*www.ccleaner.com/

after this, post a fresh HijackThis log...
 

kl_ravi

Journeyman
Also visit the following link and see which security updates you need and install/update the same.....
:)
*v4.windowsupdate.microsoft.com/en/default.asp

Recently my PC was also hijacked by spywares. Swatkat helped me to solve the problem completely. Now my PC is fine. Do as swatkat says. ... :)
 

enoonmai

Cyborg Agent
Hmm, slightly off-topic, but I just noticed the HJT listing for OS isn't there. So, if it's Windows XP, it would be better to use v5 of Windows Update.

@Alive_Hunter: Once you follow swatkat's advice and clear out all spyware, please make sure you install Spybot S&D, and leave its TeaTimer system protection turned on at all times to prevent anything like this from ever happening again.
 

swatkat

Technomancer
@Alive_Hunter, is ur problem fixed? Also, download and run AboutBuster which removes any StartPage hijackers lurking around....
*www.malwarebytes.biz/

@kl_ravi, i am happy to hear that ur problem solved.....
thanks....
 

it_waaznt_me

Coming back to life ..
Re: HijackThis.log file

Alive_Hunter said:
C:\WINNT\system32\bowc87jnwgkvnthd.exe
First kill this process from Task Manager .. (Ctrl Shift Esc , Then select this process in the Process tab, and click on Del .. ) ...

Now Put a checkmark next to these entries when you run HijackThis again and Click on Fix Checked ..
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = *letgohome.com/sp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = *letgohome.com/sp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *letgohome.com/hp.htm?id=11305
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *letgohome.com/hp.htm?id=11305
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = *letgohome.com/sp.htm?id=11305
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINNT\system32\W8C6S4~1.DLL
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\bowc87jnwgkvnthd.exe <-- Virus
O4 - Global Startup: winlogin.exe <-- Virus
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!*toprefsys.com/G7/chm10.chm::/ieloader.exe <-- Search Hijacker
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - *static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c18.cab <-- Spyware ..
O20 - AppInit_DLLs: z1rdigkznocx5dl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll

Now boot in Safe Mode and Search and Delete these files :
C:\foo.mht
bowc87jnwgkvnthd.exe
winlogin.exe
W8C6S4~1.DLL

To remove virus from your system, Scan your system with updated antivirus :

And Scan your system with updated virus definitions:
Panda ActiveScan
Stinger
Symantec System Check ...
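
The manual review the replies above carry out on the HijackThis log, sketched as an added example that is not part of any post in this thread: it parses the entry lines by section code and flags the ones worth checking first. The function names, the sample log (constructed, placeholder values only), the heuristics and the autorun baseline are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
EXE_RE = re.compile(r'([^\\\s"\]]+\.exe)', re.I)    # file name part of a path

# Constructed sample in the layout of the log posted above; every name,
# CLSID and host in it is a placeholder, not a value from the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.test/hp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\blank.htm
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINNT\system32\ABCDEF~1.DLL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Control handler] C:\WINNT\system32\qzxv81.exe
O20 - AppInit_DLLs: qzxv81.dll
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\exsvc.exe
"""


def parse_log(text):
    """Return (code, body) for each 'XX - ...' entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def remote_host(value):
    """Host name if the value is a web URL, else None (local paths, titles)."""
    v = value.strip().strip('"')
    if v.startswith("*"):          # this forum displays "http://" as "*"
        v = "http://" + v[1:]
    if not re.match(r"https?://", v, re.I):
        return None
    return urlsplit(v).hostname


def triage(entries, trusted_hosts=frozenset(), baseline_autoruns=frozenset()):
    """Return (code, body, reason) for entries to review first.

    Assumed heuristics, not HijackThis verdicts; unflagged entries still
    need a human look.
    """
    findings = []
    for code, body in entries:
        reason = None
        if code in ("R0", "R1"):                      # IE start/search pages
            host = remote_host(body.split(" = ", 1)[-1])
            if host and host not in trusted_hosts:
                reason = f"IE page set to untrusted host {host}"
        elif code == "O2" and "(no name)" in body:    # Browser Helper Object
            reason = "BHO registered without a name"
        elif code == "O4":                            # autostart entries
            exes = EXE_RE.findall(body)
            if exes and exes[-1].lower() not in baseline_autoruns:
                reason = f"autostart {exes[-1]} is not in the baseline"
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                reason = "AppInit_DLLs is set"
        if reason:
            findings.append((code, body, reason))
    return findings


if __name__ == "__main__":
    for code, body, reason in triage(parse_log(SAMPLE_LOG),
                                     baseline_autoruns={"ccapp.exe"}):
        print(f"[{code}] {reason}\n    {body}")
```

The baseline passed to `triage` should come from a known-clean machine with the same software installed; an empty baseline flags every autostart entry.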
 