Help! Problem with browser hijacker

Computing.Net > Forums > Windows XP > Help! Problem with browser hijacker

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Help! Problem with browser hijacker

Name: jasont
Date: February 18, 2004 at 20:56:15 Pacific
OS: Windows XP
CPU/Ram: Pentium 4 and 512MB Ram

Comment:

Encountered browser hijacker CWS affiliate winshow. Have used Ad-ware, Spybot, Cwshredder. All have detected and removed the trojan, but after reboot the broswer still gets hijacked and changed homepage to some porn site. Wanted to post log from Hijackthis but received warning against posting the log until some expert requested for it. Please request the log so that I can post it. Need help urgently!!

Sponsored Link

Ads by Google

Response Number 1

Name: IronMan
Date: February 18, 2004 at 21:01:53 Pacific

Reply:

This may be an obvious question, but did you turn off System Restore before scanning your PC with the utilities (e.g., Spybot, etc.)?

Response Number 2

Name: crazyworld123
Date: February 18, 2004 at 21:31:21 Pacific

Reply:

Have you scanned in safe mode?

Response Number 3

Name: jasont
Date: February 18, 2004 at 21:51:18 Pacific

Reply:

I've not turned off System Restore or scanned in safe mode. Does it matter?

Response Number 4

Name: Solarian
Date: February 18, 2004 at 22:16:57 Pacific

Reply:

Jasont:
I matters a great deal. What you're trying to expunge from your system has probably infected System Restore as well. Turn it off; reboot your PC into Safe Mode; scan and delete with your utilities again.
Solarian

Response Number 5

Name: jasont
Date: February 18, 2004 at 22:38:01 Pacific

Reply:

I have reboot to Safe mode. Disabled System Restore and run Spybot. Spybot detects CmsMin and removed. Changed homepage to www.yahoo.com, removed favourites and reboot system.
When reboot to normal mode, the homepage gets highjacked again. What else could be the matter?

browser hijack help paypal problem with browser word document help problems with typing	loading problems with browsers Help! problems with new computer and Win32k.sys recent trojans with browser hijack
See More

Response Number 6

Name: Solarian
Date: February 18, 2004 at 23:57:08 Pacific

Reply:

jasont:
Time for you to post a HijackThis log in the Security & Virus forum. 8-)
Solarian

Response Number 7

Name: jasont
Date: February 19, 2004 at 00:47:47 Pacific

Reply:

Posted in Security & Virus forum but no reply. Can someone help me with the logfile here? Thanks.
Logfile of HijackThis v1.97.7
Scan saved at 12:34:29, on 2/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\InetPub\cws.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\IBM\CLIENT~1\cwbbs.exe
C:\PROGRA~1\IBM\CLIENT~1\cwbntred.exe
C:\Program Files\IBM\Client Access\CWBPROVD.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\EzButton\CPLBTS88.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\IBM\Client Access\cwbuitsk.exe
C:\Program Files\IBM\Client Access\CWBSVD.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ntrtscan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HATANO\�f�X�N�g�b�v\HijackThis.exe
F0 - syst>m.ini: Shell=
F0 - R >ystem.ini: Shel>=
F0 - R >ystem.ini: UserInit=
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CPLBTS88] C:\PROGRA~1\EzButton\CPLBTS88.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\CwbSvStr.exe"
O4 - HKLM\..\Run: [Client Access Taskbar] "C:\Program Files\IBM\Client Access\cwbuitsk.exe"
O4 - HKLM\..\Run: [Client Access API Daemon] "C:\Program Files\IBM\Client Access\cwbappcd.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: USB001
O4 - Global Startup: ntuser.pol
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8035.7798263889
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BICS.COM.SG
O17 - HKLM\Software\..\Telephony: DomainName = BICS.COM.SG
O17 - HKLM\System\CCS\Services\Tcpip\..\{43BF835C-F465-4B57-B0A1-2DE5A76DA8B6}: NameServer = 192.168.0.10,210.193.2.34,210.193.2.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BICS.COM.SG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BICS.COM.SG
O17 - HKLM\System\CS2\Services\Tcpip\..\{43BF835C-F465-4B57-B0A1-2DE5A76DA8B6}: NameServer = 192.168.0.10,210.193.2.34,210.193.2.36
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BICS.COM.SG
O17 - HKLM\System\CS3\Services\Tcpip\..\{43BF835C-F465-4B57-B0A1-2DE5A76DA8B6}: NameServer = 192.168.0.10,210.193.2.34,210.193.2.36

Sponsored Link

Ads by Google

C++ Runtime error/ instal...

Cant open my compute

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows XP Forum Home

Sponsored links

Ads by Google

Results for: Help! Problem with browser hijacker

plz help remove 2 browser hijackers

Summary

www.computing.net/answers/windows-xp/plz-help-remove-2-browser-hijackers/119173.html

HELP! Problem with Internet explorer 6

Summary

www.computing.net/answers/windows-xp/help-problem-with-internet-explorer-6/14489.html

HELP! problem with IE

Summary

www.computing.net/answers/windows-xp/help-problem-with-ie/58810.html

From the Geek Dictionary
Tech Weanie - Someone who has skills with computers, but not real life.

Ask a Question!

Weekly Poll
What do you think of the new preview of Chrome OS?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Batch files: FOR loop counting

Mouse wont drag anymore on internet

windows system32 config system missing or cor

Increasing Number Batch Rename

photo gallery

All Awaiting Reply

Tom's News
New Final Fantasy XIII Trailer is 5 Minutes Long

Rival Publishers Collaborate on iTunes-type Store

Guy Quits Job With Error Message

News Corp Rivals Threaten to De-list from Google

Google, Tivo Team Up to Track Ad Viewing Habits

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE