Topic: Help~ my IE got hijacked!

keni

  • Guest
Help~ my IE got hijacked!
« on: June 13, 2004, 03:29:53 AM »
Whenever I open my browser (IE) it automatically opens a search page (linklist.cc), no matter how hard I tried to change it in the Tools, Internet Options menu. I have also tried some software like CWShredder.exe and SpHjfix.exe, but no sign of improvement. Feels like it's hopeless~ Please help me out.
Thanks
btw, the HijackThis log looks like the following:
//////////////////////////////////////////////////////////

Logfile of HijackThis v1.97.7
Scan saved at 9:18:07 PM, on 6/12/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe
C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Documents and Settings\Keni\My Documents\My Received Files\ielock.exe
C:\WINDOWS\sysupd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvmctray.exe
G:\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Keni\Application Data\Mozilla\Profiles\default\zzzhmxeq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keni\Application Data\Mozilla\Profiles\default\zzzhmxeq.slt\prefs.js)
O2 - BHO: (no name) - {8B516EDF-B460-4482-84B8-2F89CAA5845D} - C:\WINDOWS\System32\fgl.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\VisualIPInsight\IPMon32.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScanMSC] "C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe" /EMBEDDING
O4 - HKLM\..\Run: [Super Rabbit IELock] C:\Documents and Settings\Keni\My Documents\My Received Files\ielock.exe /load
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [nvmctray] C:\WINDOWS\System32\nvmctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Download by NetAnts - C:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - C:\PROGRA~1\NetAnts\NAGetAll.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://free.aol.com
O15 - Trusted Zone: http://www.egchina.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://61.152.160.40:1995/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BAA07C31-16C7-4E8B-BC40-5096ADA26C03} (VTPlug Class) - http://61.152.160.40:1995/VTrans.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DCF0768D-BA7A-101A-B57A-0000C0C3ED5F} - file://C:\x.cab

softwareguy

  • Guest
Re:Help~ my IE got hijacked!
« Reply #1 on: June 13, 2004, 03:59:12 AM »

m4dj

  • Guest
Re:Help~ my IE got hijacked!
« Reply #2 on: June 13, 2004, 03:37:21 PM »
Hi!

Try to use the HijackThis tool in safe mode. Run Windows in safe mode and then run the HijackThis tool.

You have to check the following lines in the HijackThis tool:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
N3 - Netscape 7: user_pref("browser.startup.homepage", "about:blank"); (C:\Documents and Settings\Keni\Application Data\Mozilla\Profiles\default\zzzhmxeq.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Keni\Application Data\Mozilla\Profiles\default\zzzhmxeq.slt\prefs.js)
O2 - BHO: (no name) - {8B516EDF-B460-4482-84B8-2F89CAA5845D} - C:\WINDOWS\System32\fgl.dll

Your problem is listed here:
O2 - BHO: (no name) - {8B516EDF-B460-4482-84B8-2F89CAA5845D} - C:\WINDOWS\System32\fgl.dll

In safe mode go to windows/system32 and locate the file fgl.dll.
You have to remove it! Maybe from time to time this dll will change its name. You have to delete it! And then run HijackThis again after a reboot and see if the problem is solved. Also run CWShredder. I think it will work. I had quite the same problem as you.

Good luck. I also suggest trying Spybot 1.3 Search & Destroy.

regards
Goran
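
The check the reply above does by eye, as an added example that is not part of the thread: Python that parses HijackThis entry lines and lists O2 (BHO) entries with no display name, keyed on that trait rather than on the DLL file name, since the reply notes the name may change. The function names and regular expressions are assumptions based on the v1.97.7 line format shown in the first post; the sample lines are copied from that log except the one marked as constructed.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# Lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {8B516EDF-B460-4482-84B8-2F89CAA5845D} - C:\WINDOWS\System32\fgl.dll
O3 - Toolbar: &RepliGo - {81F4066B-F330-4872-8094-3E9FBCCEC8C1} - C:\Program Files\Cerience\RepliGo\RepliGoIEBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Constructed line (not from the thread): same kind of entry, different DLL name.
RENAMED_LOG = r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\example.dll"

# "<section code> - <body>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# "BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def unnamed_bhos(log_text):
    """List O2 entries whose display name is empty or '(no name)'."""
    hits = []
    for code, body in parse_entries(log_text):
        m = BHO_RE.match(body) if code == "O2" else None
        if m and m.group("name").strip().lower() in ("", "(no name)"):
            path = m.group("path").strip()
            hits.append({
                "clsid": m.group("clsid").upper(),
                "path": path,
                # True when the DLL sits directly in ...\System32
                "in_system32": normcase(dirname(path)).endswith("\\system32"),
            })
    return hits

if __name__ == "__main__":
    for hit in unnamed_bhos(SAMPLE_LOG) + unnamed_bhos(RENAMED_LOG):
        print(hit)
```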

pikachodan

  • Guest
Re:Help~ my IE got hijacked!
« Reply #3 on: June 14, 2004, 09:32:32 PM »
Try this:
http://www.pchell.com/support/tscash.shtml

Good Luck! :)

Doesn't using Lavasoft's AdAware Professional 6.0 stop the hijacking of IE?  I just bought the full version for this purpose.  I was hijacked one time.  Changed my default IE homepage to some scumware site that came with one of those stoopid adware cookies.  I had to manually fix that and it loaded some crap into my startup meant to siphon personal data (like Data Miner, but more complex).  I did catch it quickly.  No problems since installing AdAware Pro.