home search page hijack

  BRISK 11:09 11 Aug 04
Locked

Hello everone my home page has been hijacked any ideas how i can get rid of this virus.The thing is i ran norton anti virus i still have 3 blood hound virus left but cant seem to delete them.Could This be contributing to the hijacking.And i cant send them to symantec because they dont get quartined anymore.

Also I`ve run spybot which said it had found several probs and so i deletd them.I then ran ad-aware and deletd everything there.If i run ad aware after starting up it seems to find one prob after i`ve been to the home page.

Also tried msconfig and unchecked some of the startup progs.

  jonnytub 11:24 11 Aug 04

run hijackthis click here

  colberly 11:29 11 Aug 04

With the virus, try turning off system restore and then do a virus check not forgetting to turn it on again afterwards. You will lose all your restore points, but worth it.

  BRISK 11:37 11 Aug 04

If its cw shredder i`m having trouble connecting to the webpage any way i`ve run cw shredder and it says my p.c is fine.Also turned off the power restore colberly.And ran the norton anti virus.No joy to elminanting the prob.

  jonnytub 11:38 11 Aug 04

It isn't CWS shredder if your having problems mail me again and i'll send hijackthis via email.

  jonnytub 11:46 11 Aug 04

also use an online scan engine such as trends click here

  Confab 12:17 11 Aug 04

Try running your cleaning apps in safe mode. It was the only way I got rid of the nasties on my PC.

  BRISK 12:45 11 Aug 04

Logfile of HijackThis v1.97.7
Scan saved at 12:38:49 PM, on 8/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\crjn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\CE\nmSvc.exe
C:\documents and settings\debbie\local settings\temp\B.exe
C:\WINDOWS\System32\dssplat.exe
C:\documents and settings\debbie\local settings\temp\Akf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\appkn32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\edltpki.exe
C:\WINDOWS\System32\bubyp.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Outlook Express\msimn.exe
C:\unzipped\hijackthis\HijackThis.exe

  BRISK 12:49 11 Aug 04

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\iidna.dll/index.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\iidna.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\iidna.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1AF59910-7EE1-072B-A5CE-DCC5213E655E} - C:\WINDOWS\system32\netzr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\en-gb\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [NMSVC] C:\Program Files\CE\nmSvc.exe
O4 - HKLM\..\Run: [B] C:\documents and settings\debbie\local settings\temp\B.exe
O4 - HKLM\..\Run: [7FsV3si] dssplat.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Akf] C:\documents and settings\debbie\local settings\temp\Akf.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [jvmnplxhm] C:\WINDOWS\System32\bljrwl.exe
O4 - HKLM\..\Run: [appkn32.exe] C:\WINDOWS\appkn32.exe

  jonnytub 13:22 11 Aug 04

the only entry i can find that looks suspicious after a "quick scan" of your post is the search assistant one. This is i believe a variant of the notorious mysearch bar. for removal click here

  BRISK 16:51 11 Aug 04

This is what it says in current homepage Bar = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\iidna.dll/index.html#96676 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\iidna.dll/sp.html#96676 R0 - HKLM\Software\Microsoft.

This thread is now locked and can not be replied to.

Amazon Fire HD 8 review: A brilliant combination of function and value – with one massive caveat

1995-2015: How technology has changed the world in 20 years

How to create an introvert-friendly workplace

Apple Watch Series 2 review | Apple Watch 2 review: New Apple Watch is faster, brighter,…