I need serious help!! Browser hijacked..
-
Hi, I've been trying to fix this problem for the longest time... I've even booted into safe mode and tried deleting the registry files manually but it didn't work.. What happens is when I open my browser.. the homepage jumps to this other page... and when I type in a URL without "www" or "http://" it redirects to another website... so I'm pretty lost.. hope you can help me out..
Here's my log file using HijackThis v1.98.2:
Logfile of HijackThis v1.98.2
Scan saved at 1:13:03 AM, on 8/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winpt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\apiap.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\kcgao.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://C:\WINDOWS\system32\kcgao.dll/index.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\kcgao.dll/index.html#37794
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\wincm.dll
O4 - HKLM\..\Run: [winpt.exe] C:\WINDOWS\system32\winpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
-
Close all browser windows, restart Hijack This and put a checkmark next to the following entries:
O2 - BHO: (no name) - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\wincm.dll
Click Fix Checked
Please download About:Buster and unzip it to your desktop. Then boot into safe mode (Instructions here). Start it, hit OK, Start, and OK again to start the scan. It will generate a log. Post that log along with a new HijackThis log here.
-
Thanks for replying..
I deleted that BHO file...
but when I boot into safe mode and run About:Buster.... not long after it starts scanning it goes:
Run-time error '13'
Type Mismatch
So what should I do now?
-
Download and unzip About:Buster again in Normal Mode, then boot into Safe Mode and try again.
-
K, I scanned it with About:Buster... and here's my log file:
Scanned at: 11:54:56 AM on: 8/13/2004
-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Deleted 1 Service Keys Successfully!
Removed! : C:\WINDOWS\aahpw.dll
Removed! : C:\WINDOWS\ajjby.dat
Removed! : C:\WINDOWS\aqrcz.dll
Removed! : C:\WINDOWS\crjw.exe
Removed! : C:\WINDOWS\hgwei.dat
Removed! : C:\WINDOWS\mfcel.exe
Removed! : C:\WINDOWS\mkyfl.dat
Removed! : C:\WINDOWS\owylu.dat
Removed! : C:\WINDOWS\qlllf.dll
Removed! : C:\WINDOWS\tjete.dll
Removed! : C:\WINDOWS\uaeft.dat
Removed! : C:\WINDOWS\vizju.dll
Removed! : C:\WINDOWS\wyluv.dll
Removed! : C:\WINDOWS\zazqo.dll
Removed! : C:\WINDOWS\System32\atloh32.exe
Removed! : C:\WINDOWS\System32\bxtwe.dll
Removed! : C:\WINDOWS\System32\crty.exe
Removed! : C:\WINDOWS\System32\dcdbj.dll
Removed! : C:\WINDOWS\System32\fjckn.dll
Removed! : C:\WINDOWS\System32\gteut.dll
Removed! : C:\WINDOWS\System32\hbxer.dll
Removed! : C:\WINDOWS\System32\hybyl.dll
Removed! : C:\WINDOWS\System32\kcgao.dll
Removed! : C:\WINDOWS\System32\mbxtw.dat
Removed! : C:\WINDOWS\System32\ovqcy.dat
Removed! : C:\WINDOWS\System32\txtfj.dat
Removed! : C:\WINDOWS\System32\winpt.exe
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Removed 2 Random Key Entries
Attempted Clean Of Temp folder.
Pages Reset... Done!
After I restarted the comp.. and opened Internet Explorer... the same thing happened... my homepage goes to this other homepage again..
-
You need to post a new Hijack This log as well and then we can deal with it from there.
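An added example, not part of the thread and not code from HijackThis or About:Buster: it parses a subset of the lines copied from the two logs above, lists the Internet Explorer page settings that point at a res:// URL inside a local DLL, and shows which file-bearing entries of the first HijackThis log do not appear on an About:Buster "Removed!" line. The function names are this example's own, and an entry that was not removed is only a candidate to re-check in the fresh HijackThis log, not a verdict on the file.

```python
import re

# Lines copied from the two logs posted in this thread (subset, for brevity).
HIJACKTHIS_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kcgao.dll/sp.html#37794
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\kcgao.dll/index.html#37794
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {8D0E2CDC-2340-2D6B-DBFC-F49D56B0FCEC} - C:\WINDOWS\wincm.dll
O4 - HKLM\..\Run: [winpt.exe] C:\WINDOWS\system32\winpt.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
ABOUTBUSTER_LOG = r"""
Removed! : C:\WINDOWS\System32\kcgao.dll
Removed! : C:\WINDOWS\System32\winpt.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
FILE_RE = re.compile(r'[A-Za-z]:\\[^"/=]*?\.(?:dll|exe)', re.IGNORECASE)
RES_RE = re.compile(r",(.+?) = res://(.+?\.dll)/", re.IGNORECASE)

def norm(path):
    # Windows paths are case-insensitive; the logs print system32 and System32.
    return path.strip().lower()

def entries(hjt_log):
    """Return (section, file path) for every HijackThis line naming a DLL/EXE."""
    out = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        f = FILE_RE.search(m.group(2)) if m else None
        if f:
            out.append((m.group(1), f.group(0)))
    return out

def ie_pages_in_local_dll(hjt_log):
    """R0/R1 lines whose IE page is a res:// URL served from a DLL on disk."""
    lines = [l for l in hjt_log.splitlines() if l.startswith(("R0", "R1"))]
    return [m.groups() for m in map(RES_RE.search, lines) if m]

def not_reported_removed(hjt_log, ab_log):
    """Entries whose file does not appear on an About:Buster 'Removed!' line."""
    gone = {norm(l.split(":", 1)[1]) for l in ab_log.splitlines()
            if l.startswith("Removed! :")}
    return [(s, p) for s, p in entries(hjt_log) if norm(p) not in gone]

if __name__ == "__main__":
    print(ie_pages_in_local_dll(HIJACKTHIS_LOG))
    print(not_reported_removed(HIJACKTHIS_LOG, ABOUTBUSTER_LOG))
```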