Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Hijacked by IWON.com

  • This topic is locked This topic is locked




  • Member
  • PipPip
  • 14 posts
Ok yesterday I noticed my browser was getting really slow. I ran Adaware and Spybot, both with current updates. Both programs found stuff which I deleted.It seemed like everything was ok and I decided to change my homepage to CNN.com and couldn't. I have ran HJT and deleted the first entry listing Iwon.com as the homepage. I ran regedit and reset the key in the registry to cnn.com. As soon as I close the key in the registry and reopen it, the iwon entry is back. Also as soon as I click fix in HJT and rescan the key returns. I have shutdown and started in safe mode and the key will delete and stay deleted until I restart.I have ran HJT in safe mode, and CWShredder as well as spybot. NO luck, I hope someone here will see what I am missing. I also boot logged both safemode and normal, 54 .sys files load in normal mode that do not load in safe mode. If I shutdown from safe mode and restart in safe mode the key does not return, but as soon as I restart normally it comes back. Below is the HJT log;

Logfile of HijackThis v1.98.2
Scan saved at 9:09:40 PM, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\FarStone\VirtualDrive\vdtask.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\Art\LOCALS~1\Temp\Temporary Directory 3 for hijackthis1977.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.iwon.com/i...G=home&SEC=bnav[/B]N3 - Netscape 7:
surrender.gif user_pref("browser.startup.homepage", "http://inside.arb.ca.gov/index.htm"); (C:\Documents and Settings\Art\Application Data\Mozilla\Profiles\default\0yyw4xsi.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\vdtask.exe /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
  • 0




    Founder Geek

  • Administrator
  • 24,491 posts
Duplicate post. Continued here:

Topic closed.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP