Over 1 million tech questions and answers.

Browser Hijacking

Q: Browser Hijacking

Hi & hope you can help.
My grandkids downloaded Kazaa and a few other programs during their visit . I have been busy trying to clean out all unwanted applications & all the ‘ScumWare’ that came along for the ride. Unfortunately, my Home Page setting (Use Blank) still gets hijacked periodically to MSN.com. Here is a recap of what I’ve done so far:
Downloaded & installed MS Service Pack 2, ran msconfig & selected Normal Startup. Rebooted & set Restore Point. Set Folder Options to show hidden files and folders. Ran CoolWebSearch Smartkiller (not found), CWShredder (cleaned infections found), Spybot S & D (fixed all), Ad-aware (quarantined all) and Bazooka Scanner (will follow advice later as to going into Registry Editor to correct). Prior to running the above, I checked for all available updates. I also downloaded, installed & ran Lavasoft’s VX2 Cleaner plug-in (system clean) as well as all other plug-ins. I’ve downloaded, installed & updated SpyBlaster. I’ve enabled IE & Restricted Sites protection and disabled the IE Home Page setting
I then went into the Add/Remove Programs function in Control Panel and removed PGate Basic & a few other unwanted applications but was unable to delete Kazaa v. 2.1.1 or IMBUM. Nothing happens when I click remove IMBUM and I get the following error message trying to delete Kazaa, ‘Error loading C:\WINNT\System32\cd_clint.dll. The specified module could not be found.’ IMBUM has me stumped as I can’t find anything called that on my hard drive. I think it might have had something to do with NetPals or Lycos or 1 of the other Search Bars I was able to get rid of. I have downloaded ‘kazaabegone’ but have not run it as I’m hoping there might be an easier way (heard it sometimes can mess up your Internet connection but have already downloaded LSPFix if that’s the way to go). Here is a copy of my latest HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 9:43:28 PM, on 9/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\DESKTO~1\datray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\WINNT\system32\ntvdm.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\Hijack This\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.gatewaybiz.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [QD FastAndSafe] C:\Program Files\Norton SystemWorks\Norton CleanSweep\QDCSFS.exe /startup
O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorkFlo] D:\Install\WorkFlow.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [Desktop Architect] "C:\PROGRA~1\DESKTO~1\datray.exe" -S
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://home.ingdirect.com
O15 - Trusted Zone: http://security.symantec.com
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/23690f731465b4991103/netzip/RdxIE601.cab
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B228C5D8-679C-4985-AD4B-ACDA30A1A1E8}: NameServer = 205.188.146.146

I’ve read a bit on this (and HiJack This) and I’m really worried about the last item (017). I’m also concerned about a few of the 04 & 016 items that I do not recognize. If anyone can help me (I know this is a minor problem) but it would be majorly appreciated. And if anyone can direct me to a site where I can learn more to help others as well as myself, that would be greatly appreciated too.
Thanks in advance for any help in this. ProfessorBob

RELEVANCY SCORE 200
Preferred Solution: Browser Hijacking

I recommend downloading and running Outlook PST Repair. It's a PST repair tool that I've used it in the past to recover emails, contacts, tasks and notes from corrupt Outlook files that are damaged or inaccessible. Supports Outlook 2000, 2002, 2003, 2007, 2010 and 2013.

You can download it direct from this link http://goo.gl/1bjhSi. (This link will automatically start a download of Outlook PST Repair that you can save to your computer.)

A: Browser Hijacking

Read other 14 answers
RELEVANCY SCORE 53.2

Recently installed the latest version of Avant browser. I have set it not to be my default browser or to check if it is default on start up. I have Firefox set as my default browser and to check if it is on start up. The problem is every time I launch Avant and use it it makes itself the default browser. I know this because when I launch Firefox it says it's not the default and also if I wan to set it as the default. I do and when I use Avant again it steals the default browser setting again. I asked about this on the Avant forum and nobody has a solution. Most people on the Avant forum use that browser as their default so they don't care if it makes itself default. Any suggestions on how to stop this? I find this behaviour from a browser to be malware like.

A:Avant Browser Hijacking Default Browser Setting.

Welcome to Bleeping Computer Anthony A This is a good article on how to set Firefox as your Default Browser: Default Browser.If all else fails, the third-party utilities offered should work for you.

Read other 4 answers
RELEVANCY SCORE 49.6

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

A:browser hijacking

This topic has been closed. If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.Everyone else please begin a New Topic.

Read other 2 answers
RELEVANCY SCORE 49.6

If i run a search in Yahoo or Google I am sometimes redirected to another site that has nothing to do with what i clicked on. I have tried so many things to fix this. I tried some manual instructions, it said to search for ALCMTR.EXE and delete the file. There is also another file with this name, just not in all caps, should I delete this one as well?I tried AVG, Malwarebytes, I am running the microsoft windows malicious software removal tool (for about a half an hour) and these have found nothing. AVG came up with a crypto virus and seemed to take care of it, from what I have read it doesn't seem to be linked to the browser issues, but i could be wrong. I have been trying to fix this all day and I have no idea what my next step should be. At one point I tried running the computer in safe mode but it didn't seem to let me... Here is the HijackThis info if its helpful at allRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CheckPoint\ZA... Read more

A:Browser hijacking?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

I posted this on another forum about a week ago without any luck, perhaps because of the holidays, perhaps because that is a smaller forum.Hey, I was hoping someone could help me out with my hijacked browser. This problem seems to have initially occured via IE, but is affecting Firefox as well. All search engine results are spam sites. It doesn't matter which engine. This happened a couple of weeks ago. I have tried restoring back to November first and I have run several antivirals etc., which you can tell from my hijack this logs.Here are the logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:50:05 PM, on 12/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

A:Browser hijacking

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Every once in a while I stumble upon some kind of scam webpage which won't let me close the tab or do anything else unless I press something on a shady dialogue box saying "oh you didn't want to do exit, press ok and continue!" Is there a name for this so that I may find a good workaround for closing Firefox tabs?Here is an example for any experts who are interested; a tinyurl from an unrelated YouTube video's description. I had to close the dialogue box from its titlebar close button, drag my tabs into a new window, and kill that window. htt<BROKEN>p://tinyu<BROKEN>rl.com/3xwhq6qThanks!Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal

Read other answers
RELEVANCY SCORE 49.6

Hi,I'm getting browser redirects again... I turned off my FW and AV to do some testing on DL speeds (another board, I know...) and I'm screwed again. Ran SB S&D, MAM, SAS and CCleaner. Attached is DDS log. GMER was weird- would scan for hours then crash. Disabled the cd emulation with defogger... Also ran GMR in safemode-nothing. idk what's up with that.thanks in advance!DDS (Ver_09-12-01.01) - NTFSx86 Run by Matt Reddick at 21:10:22.84 on Mon 05/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1266 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG... Read more

A:browser hijacking, pls help again!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 49.6

Running O/S vista home updated.
Browsers-Firefox 3, IE, & Opera, all latest versions.
Security-McAfee internet security suite. updated
Windows defender updated.

Believe browsers have been hijacked. After using browsers various ad pages start loading and warning received that start page on IE has been changed. After using firefox for a while it crashes and cannot be closed unless canceling application through task manager.

Attached is "hijackthis" startup report and log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:28:59, on 08/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jaime.LH-IY8J8WSLK8O4\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Jaime.LH-IY8J8WSLK8O4\AppData\Local\caqgg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PopTray\PopTray.exe
C:\Program Files\Windows ... Read more

A:Browser Hijacking

Hello and welcome to TSF.

HijackThis is no longer the preferred initial analysis tool in this forum

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 1 answers
RELEVANCY SCORE 49.6

Laptop Packard Bell Easynote
Running O/S vista home-updated.
Browsers-Firefox 3, IE, & Opera, all latest versions.
Security-McAfee internet security suite - updated
Windows defender-updated.

Believe browsers have been hijacked. After using browsers various ad pages start loading at random and I have received a windows warning that the start page on IE had been changed. After using firefox for a while it crashes and after closing I am unable to reopen as windows tells me it is still running and can only be closed off by canceling application through task manager. After a restart firefox application is still running!

I have found a new file has been created automatically, under the title "My web sites on MSN". I have now deleted this file but only after several attempts.

I have run both windows defender scan , McAfee full scan twice and panda scan, all of which have confirmed the laptop is clean and running normal.

I am not sure what else to do or where to go from here.




DDS (Ver_09-03-16.01) - NTFSx86
Run by Jaime at 16:43:38.33 on 08/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.44.1033.18.1917.828 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k se... Read more

A:Browser Hijacking

Hello and welcome to TSF.

Sorry for not being able to have replied to your topic. If you still need help, please start a new thread and post a fresh set of logs requested in our pre-posting process outlined below, as it has been quite a while since you posted. This one shall be closed.

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

Read other 1 answers
RELEVANCY SCORE 49.6

Hello,
 
I have Windows 7, i use Mozilla Firefox (i tried IE and Chrome and it happens on them too but it stopped since i went back to Mozilla and now it just does it in this one)
 
I have had an issue for the past week or two and any program i run is not solving it. I dont even have to be doing anything on my computer and a browser will pop up and it will be an ad like a casino, how to make money fast, news page, page that tends to have a video on it, etc. I can be away for 2 hours and ill have a browser window open with around 2 + tabs open. Overnight i will come back to about 7+. Even while i've been scanning my computer i have had the browsers popping up. What i have noticed is, this happens really fast, is a page will pop up - address of http://red.installer.xyz/ - and the page will count down from like 5 and the message says redirecting you to the site requested, along those lines. I still have full control of my browsers however.
 
Programs I have ran: (maybe im not running in the correct mode/options selected)
Malwarebytes Anti-Malware
JRT
Spybot (wasnt 100% sure how to run this one but it didnt seem to find anything)
AdwCleaner
Ad-Aware Antivirus
Microsoft Security Client
CCleaner
Microsoft Windows Malicious Software Removal Tool
Microsoft Safety Scanner
McAfee (unistalled now)
 
I have reset all the browsers - removed add ons if there were any. There were no addons installed that i didnt know what they were - it was all things ive done. There are... Read more

Read other answers
RELEVANCY SCORE 49.6

My browser was hijacked and kept returning to the following homepage:

res://yrzitdll/index.html#37049

After a bit of research I did the following:

Under internet options>advanced - I unchecked the 'enable third party browser extensions'

Restarted computer in Safe Mode

Ran AdAware (v6.0 Build 6.181; reference 01R325 27.6.2004)

Deleted everything it came up with

Ran HijackThis. Here is the log:

Logfile of HijackThis v1.97.7
Scan saved at 6:22:17 PM, on 6/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\Elizabeth\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yrzit.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yrzit.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yrzit.dll/sp.html#37049
O2 - BHO: (no name) - {AA258D02-7EAF-CF17-74F9-F542353A0DA6} - C:\WINDOWS\system32\addlt32.dll
O2 - BHO: NAV Helper - ... Read more

A:Help with browser hijacking fix

I'm not sure if bumping is allowed. Please let me know if this isn't kosher. Thank you.
 

Read other 2 answers
RELEVANCY SCORE 49.6

I am running Win XP with service pack 3. AMD Athlon XP2100MHz 2600+ Memory 2048Mb Running on a wireless home network using Linksys router. Other computers on the network are unaffected by this problem.I use Firefox as my browser but the same effects occur with IE. Using Google I am redirected to unwanted sites and assume this is what is known as hijacking. I notice that the name Google-analytics often appears in the URL address box but then the address can change rapidly many times before I am logged on to an unrequested site. The problem seems common but each occurenceseems to have its own differences so I have no idea where to start to try and cure the problem. Can you help?Edit: Moved topic from Bleeping Computer Announcements, Comments, & Suggestions to the more appropriate forum. ~ Animal

A:Browser hijacking

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The ... Read more

Read other 4 answers
RELEVANCY SCORE 49.6

I think my browser has been hijacked. I have ran avast and adaware and spybot and deleted about 500 infected files, but there always seems to be more. I do not know what else to do. Please help.
 

A:browser hijacking

Logfile of HijackThis v1.99.1
Scan saved at 1:19:09 AM, on 06/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\ClientBR.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\Searchx.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.ve... Read more

Read other 1 answers
RELEVANCY SCORE 49.6

Many different people have access to this system, as it is a family computer, I have tried to do as much as I can to keep it safe & run scans faithfully, but infections still seem to slip thru periodically. This time, something is causing the browsers to either take forever to open or not open at all. The system also seems to be slower than usual. It was working great after I had it checked the last time, but like I said, a lot of people do a lot of different things on here and are not always conscientious about what they are doing or how they are doing it. Thank you in advance for any and all assistance, I greatly appreciate it!
E
 

A:HELP, PLEASE!! Browser Hijacking, etc.

Sorry, I forgot to include the HJT log. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:43 PM, on 12/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Micro... Read more

Read other 1 answers
RELEVANCY SCORE 49.6

Since yesterday we have been having a problem I have never hear or seen before. Problems started when I was browsing the internet. All of a sudden I have got diverted to a web page www.hillary2004.net. From there on I couldn't go to any other web page. If I tried it get diverted to the page above again.
Before long, other people started having the same problem.
I have spent hours checking settings on our DNS server. Checked it for viruses, trojans...nothing!!
If I disable the DNS server on services from my PC, it improves and I can connect to several places, however this sometimes brakes down again on certain places like www.hoovers.com.
Can anyone enlighten me on whats going on please??

A:Hijacking browser

Have you checked YOUR machine for viruses?

Read other 8 answers
RELEVANCY SCORE 49.6

My friend's father seems to be the victim of a browser hijacking, and possibly other malignant software. The computer is too bogged down to properly run Ad-Aware or a virus scanner. I ran HijackThis and got the following log:

Logfile of HijackThis v1.99.1
Scan saved at 3:48:50 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Documents and Settings\DAD\Application Data\SVCHOST.EXE
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network As... Read more

A:possible browser hijacking

You have 2 AV's running, remove one - you only want one active AV on a system

==================
Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
· Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
============... Read more

Read other 1 answers
RELEVANCY SCORE 49.6

I am running windows xp media center on my computer. Recently I tried doing a good search for a topic at school and every website that Google brings up looks legit but when i click on it I get redirected every SINGLE time! It usually takes me to websites pertaining to apartment searching or just general shopping websites. I am getting really frustrated and have no clue what is going on. This is also a computer my brother uses for his school work but logs onto my name, if this is something that he has caused im not going to be very happy! I feel that i am fairly competent when it comes to computers are searching for or deleting files or making changes. I just really am at a loss at the moment! any help would be great!

A:Browser Hijacking?

So here's the deal I am currently trying to research a paper and whenever I type a topic into Google, it brings up links that look legitimate even down to the addresses that are below the results. But when I click on the results I get redirected to websites that have nothing to do with what I am searching for. When the web pages load it brings up what looks like a the number 2 to the left of the address bar. Like on here to the left of the bar i see a small computer screen. I am currently using the newest versoin of Firefox. I have windows xp media center edition. I have currently ran SpyBot S&D, SUPER AnitSpyware Free Edtion, and Malwarebytes' Anti Malware. They find a few things here and there and i tell it to fix the problems but when I do another search I still get redirected. This is getting very frustration since I am trying to work on this paper! If ANYONE can help that would be great!

Read other 1 answers
RELEVANCY SCORE 49.6

hello, my browser has been hijacked by e-finder it looks like. i've used spybot and ad-aware but it keeps coming back. here is my hijack this log. please help...it'd be much appreciated.Logfile of HijackThis v1.97.3Scan saved at 12:05:23 PM, on 11/7/2004Platform: Windows 2000 SP3 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\gearsec.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINNT\System32\nvsvc32.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\System32\mspmspsv.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\ntvdm.exeC:\WINNT\System\MSMSGSVC.exeC:\OPLIMIT\ocrawr32.exeD:\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search... Read more

A:browser hijacking..please help

HiYou are running an outdated version of HijackThis.. Delete the copy you have and download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups. You may need to use these backups.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Run hijackthis.exe and post a new log please.When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Read other 10 answers
RELEVANCY SCORE 49.6

I'm running win XP and my browser will not go to Google and other sites on searches.

Hijackthis log follows and thanks for any help.
Doug

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:31:03 AM, on 3/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Norton Speed Disk\nopdb.exe
C:\dmi\win32\bin\Win32sl.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\SearchIndexer.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\WALGRE~1\WALGRE~1\data\xtras\mssysmgr.exe
C:\WINNT\... Read more

Read other answers
RELEVANCY SCORE 49.6

There is some browser hijakcing going on my computer. I need to get this sorted!
Symptoms:
google chrome not working
keep getting redirected to untrustworthy sites

What I have done:
ran a hijackthis scan
downloaded malwarebytes and am currently running a quick scan (will do a full one if that doesn't work)
hijakthis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:27, on 2010-06-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programs\AVG\AVG8\avgwdsvc.exe
C:\Programs\AVG\AVG8\avgtray.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\CyberLink\PCM4Everio\EverioService.exe
C:\Programs\DivX\DivX Update\DivXUpdate.exe
C:\Programs\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Bonjour\mDNSResponder.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Jamie\Local Settings\Applicati... Read more

A:Browser Hijacking

Download TDSSKiller and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log

 

Read other 3 answers
RELEVANCY SCORE 49.6

Hi there,My browser has been hijacked and is periodically redirected to a casino website. My homepage is still fine though and has not been changed. I have 3 or 4 new items added to my Favourites list.I have run Spybot and Adware, but they seem to indicate that nothing is wrong. I have checked for updates and then re-run these tools to no avail. Below is my HijackThis logfile. Any comments would be much appreciated. Have a good weekend.regards,Arif Logfile of HijackThis v1.97.7Scan saved at 12:42:46, on 03/07/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\crypserv.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\WIN... Read more

A:Browser Hijacking- Please Help!

You also have a CoolWebSearch hijacker. There is a special tool to remove it called CWShredder.http://www.spywareinfo.com/~merijn/files/cwshredder.zipPlease download and then unzip the program. Close all open browser windows and run the program. Click the "Fix" button and let it fix everything it finds.Reboot, run HijackThis again and post a fresh log please

Read other 1 answers
RELEVANCY SCORE 49.6

First off, I'm really thankful that there's a place like this to go for help. Thank you in advance.
The problem is whenever I go to a site I usually frequent I get redirected to a search site. I just tried to go to my own wesite and got redirected again. I downloaded Hijack this and was hoping someone would take a look at the log and tell me what I should do. Thanks very much.
Scott
hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 12:04:41 PM, on 11/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Wintab32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ShortCut ES2\signlab6.exe
C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe
C:\Documents and Settings\scott\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Pa... Read more

A:Please Help with browser hijacking

Read other 12 answers
RELEVANCY SCORE 49.6

Hi all,

I have an unwanted javascript at the end of all browsed pages. It is independent from the browser, occurs with IE and Fiorefox also.

So, I have created a hijackthis and a combofix logs, you can find them as attachment.

Could someone halp me how can I remove this hijacking?

Thank you!
 

Read other answers
RELEVANCY SCORE 49.6

sorry if this is in the wrong spot, but i know my browser is being hijacked cause it keeps redirecting me to some random website

heres a hijack this log (idk what to delete)


Quote:




C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\MagicDisc2\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Owner\Desktop\010101\Warden.exe
C:\Users\Owner\Desktop\Bots\Bots\Clan-DT\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DarkTemplars\DarkTemplars\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DT-Baal\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DT-Chaos\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\Dt-Trivia\Dt-Trivia\StealthBot v2.6R3.exe
C... Read more

A:browser hijacking

does anyone know how to fix this? -.-

Read other 2 answers
RELEVANCY SCORE 49.6

I have a HP Envy laptop and I am running Windows 8.1.  I use Mozilla Firefox for a browser.  When I click to open a new tab, it goes to AVG Secure Search page.  Also having some other small browser issues.  I have gone through some of the forums and tried a bunch of different adware, malware programs with no success.  I am using AVG free antivirus.  I have run Maleware Bytes, TDDS killer, ccleaner, and a few others.  I also ran the AVG remover tool.  If you need anymore info from me, please let me know.  Thanks for you help!!!!

A:Possible Browser Hijacking

Hello,please run a FRST scan:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

Read other 9 answers
RELEVANCY SCORE 49.6

I am using IE7 on a Windows XP operating system. When I click the search results of search engines I am being redirected. I have downloaded and run Hijack This (scan log attached). Can someone please help me?
 

A:IE7 Browser Hijacking

Read other 16 answers
RELEVANCY SCORE 49.6

Anyone had their browser hijacked? Any advice on best protection to prevent this from happening again and again. Someone suggest eblocs security toolbar on another forum - http://toolbar.eblocs.com - but I haven't seen much information on other forums on it and am reluctant to make a bad situation worse. My symptoms are I reset my start page in my browser (IE) but when I wake up in the morning it's been hijacked again. Is this an indication that something more serious going on?
 

A:Browser Hijacking

Welcome to TSG

We can recommend protection programs for you, but first I think we should check to see what's causing your browser to be hijacked.

Please do the following:

* Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 49.6

Hello all,

Thanks you all for your time. I would greatly appreciate any help in regards to the HJT scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:19 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDet... Read more

A:Please Help! Browser Hijacking???

Welcome to TSG
Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
 

Read other 1 answers
RELEVANCY SCORE 49.6

Recently I've noticed some changes in my web browsing, which is affecting my google searches. Whenever i click a link in google it will open in a new tab rather than just going to the page and, more often than not, these new tabs go to various pages that have nothing to do with what i was searching. I'm sick of my searches being hijacked, and it seems that my web browser is also being more 'sluggish'. My main browser is firefox, but I have also tested internet explorer and opera and the problem persists on those as well. Any help in rectifying this issue would be greatly appreciated.

A:Need help with browser hijacking.

Nevermind. I have managed to fix the problem myself.

Read other 1 answers
RELEVANCY SCORE 49.6

Yesterday AVG detected a virus, generic15.bpbt. I immediately got rid of it, and scanned again, and AVG came up clear. But my browser is still getting hijacked and sent to random sites. Everything I've checked has come up clean, AVG, Malwarebytes, Ad-Aware, cwshredder, etc. So I have no idea what to do now, or which things to get rid of in Hijackthis. Oh, I'm running XP and I don't have access to a Windows CD, this in on a Toughbook laptop with no cd drive.

-------------------------------------------------

DDS (Ver_09-11-24.02) - NTFSx86
Run by Katrina at 20:07:40.14 on Wed 11/25/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1275 [GMT -10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\EtmService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Pr... Read more

A:browser hijacking

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my ins... Read more

Read other 13 answers
RELEVANCY SCORE 49.6

i have a browser thats being highjacked. When i perform a search, the results show up, but if i choose when i get redirected. I am unable to run my malwarebytes-antimalware program, it will install fine but will not run. I tried to run the DDS program like instructed but never received a log. I have attached one from highjack this. I also get music and what sounds like commercials coming through my speakers? Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:37:21, on 4/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CSHelper.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDO... Read more

A:browser hijacking

Hello.Please run Combofix.Download and Run ComboFix (Rename Before Saving)Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.Link 1Link 2 Link 3Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.Do not mouseclick the ComboFix window while it's running. That may cause it to stall.With Regards,Extremeboy

Read other 5 answers
RELEVANCY SCORE 49.6

Hi Guys,

I'm having trouble with my browser getting hijacked when I click on a link in Google, Yahoo, etc. I have tried Spy-Bot, AdAware, Spy Dr (all free versions) but nothing found a problem. MS OneCare Safety Scanner identified the problem as a Trojan:W32/Alureon.gen!H.

I'm running Vista Home Premium on a Dell XPS M1210 Laptop

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:53 AM, on 3/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\P... Read more

A:Help with browser hijacking

Read other 16 answers
RELEVANCY SCORE 49.6

I have read numerous posts and I am almost certain my browser has been hi jacked...ran anti-spyware,did a virus check, but can not run malware software nor open any other .exe files. I am in safemode now because my computer freezes up in normal mode and internet will open sometimes and or if it does when clicking a link from google search it redirects to another page that has nothing to do with the search?? Also I am getting a 'svchost.exe application error' all the time now. WTH? is going on here?? I have spent almost 4 days trying to figure this out before finding this forum to no avail...any help would be appreciated thankx.DDS (Ver_09-03-16.01) - NTFSx86 NETWORK Run by Foster at 16:17:24.95 on Thu 03/26/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.721 [GMT -6:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Foster\Local Settings\Temporary Internet Files\Content.IE5\AIPFHANX\dds[1].scr============== Pseudo HJT Report ==... Read more

A:Browser Hijacking Going On?

No help i guess??

Read other 15 answers
RELEVANCY SCORE 49.6

Hi,I had a virtumond virus last month and ran several specialized programs and S&D, SaS, MAM, etc... but I still get occasional redirects (maybe once a day or something)... annoying enough that I'd like help to clean it all out I ran the gmer and have that ready.thanks.DDS (Ver_09-12-01.01) - NTFSx86 Run by Matt Reddick at 18:55:58.56 on Fri 03/12/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1337 [GMT -5:00]AV: avast! antivirus 4.8.1368 [VPS 100312-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A

-DD43BA9FAD83}FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-

D12744F1922A}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exeC:\Program Files\Tall Emu\Online Armor\oacat.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\igfxpers.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Fi... Read more

A:browser hijacking, pls help

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 14 answers
RELEVANCY SCORE 49.6

My internet explorer keeps getting redirected everytime i click on a link and i get warnings from avg saying blackhole exploit virus are being found, explorere keeps crashing and closing unexpectedly too, log files attached.

Attach.zip

DDS.zip

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Daddy at 12:36:39.78 on 11/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2813.1582 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalSer... Read more

A:Browser Hijacking

attached log too ark.txt

Read other 19 answers
RELEVANCY SCORE 49.6

Title says it all, whenever I open up a browser IE pops up with ads. Ive run Avira Antivirus and Ad-Aware 2007 both come up negative. Ill be bumping this thread in a few days if no one sees it.

A:IE browser hijacking

Forgot to post the log file. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:58 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\lolifox\lolifox.exe
C:\Documents and Settings\Star Scream\D... Read more

Read other 19 answers
RELEVANCY SCORE 49.6

Hi Bleepingcomputer teamFor the past few days I've had search redirects. My first real issue was a window that popped up today in the background that I could not maximize or find under processes. When I tried to search the window title in google my keyboard went nuts and my computer crashed and gave me a BSOD error. I booted into safe mode and did an MBAM scan and found and "removed" 10 results. Among them were:Trojan Hiloti with key XtedituRootkit.AgentSpyware.passwords.xgenTrojan.FakeAlertI'm still getting re-directs and I'm terrified this is going to happen again. I start finals in a week.. I promise my neverending love in return for any assistance!!Below is a fresh hijackthis logLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:25:34 PM, on 05/12/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16671)Boot mode: NormalRunning processes:C:\Program Files (x86)\Dell Photo AIO Printer 922\DLBTmon.exeC:\Program Files (x86)\Pando Networks\Media Booster\PMB.exeC:\Users\Omar\Program Files (x86)\DNA\btdna.exeC:\Program Files\Conexant\SAII\SmartAudio.exeC:\Program Files (x86)\Steam\steam.exeC:\Program Files (x86)\DAEMON Tools Lite\DTLite.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.ex... Read more

A:Browser hijacking

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,I am thcbytes and I am here to help you!I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received and do not proceed if you need clarification.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.In the upper right hand corner of the topic you will see a button called Watch this topic. Click on this then choose Immediate E-Mail notification and then Proceed then you will be advised by email when I respond to your topic.After 5 days if your topic is not replied I we assume it has been abandoned and I will close it.I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes ... Read more

Read other 29 answers
RELEVANCY SCORE 49.6

Have a computer at work that got hijacked by about:blank. Here is the hijack this file. Help please.

Logfile of HijackThis v1.99.0
Scan saved at 11:49:56 AM, on 1/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Bernie Gerring\Desktop\New Folder\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service:... Read more

A:Browser Hijacking HELP!!!!!!!!!!!!!!

Read other 9 answers
RELEVANCY SCORE 49.6

For a month or so now I have had this problem.
The symptoms are:
Google search results - when I click on a result I am taken to a completely unrelated page - often something along the lines of smart.seekers appears in the address bar. If I click on the search same result 3 times however, the third time the problem does not occur.
I cannot download anything from Microsoft - all of the download pages slow down then lock up, so I cannot download updates to fix the problem.
We cannot access our hotmail accounts from the PC in question.
I was hit with a trojan about the same time, and I enlisted the help of a reputable techo who removed numerous trojans/viruses, but he didn't resolve the hijacking problem.
I have had to remove widows defender as I could not use it and it would bomb out when I tried updating definitions. It appeared to be some of the reason behind my PC running slow.
I have also tried NoAdware, however it also will not work properly, it stops after about 150000 files - it produces an error report which mentions active-x.
I am running xp professional with IE7. I have unstalled and reinstalled IE - it did make my PC work a lot faster, but I still have the same problems as mentioned above.
I use nod32 protection along with a couple of anti-spyware programs - I have changed them several times trying to find one that works. (I am using my work PC at present, so I haven't got the other programs in front of me to say what they are)
Would systems restore help?
I t... Read more

A:Web Browser Hijacking

Do your Nod32 and Anti-Spyware scans come up clean?

Read other 11 answers
RELEVANCY SCORE 49.6

i started getting random pop ups from CiD.com ive read through some of the other forums on this topic and ive downloaded and run hijackthis. my computer is running Win XP. heres the hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:45 PM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IMSafer\bin\imsc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Fi... Read more

A:CID browser Hijacking need help

Read other 13 answers
RELEVANCY SCORE 49.6

I have performed all the steps outlined in the preparatory guide to use before posting a log. My HijackThis log appears below. The problem I am having is periodically being redirected to undesirable websites while surfing, some which cannot be found and some pornographic. I am running Windows Media Center Edition and this mostly occurs while using Internet Explorer version 7.0.5730.11. Any and all help is appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:17:45 AM, on 10/24/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\PROGRA~1\McAfee\MSC\mcmscsvc.exec:\program files\common files\mcafee\mna\mcnasvc.exec:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeC:\PROGRA~1\McAfee\VIRUSS~1\m... Read more

A:Browser Hijacking

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Mikey L My name is Richie and i'll be helping you to fix your problems.Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.If you have previously downloaded ComboFix,please delete that version now.Now download Combofix and save to your desktop:Note: It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note: Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Do NOT post the ComboFix-quarantined-files.txt unless I ask.Also post a new Hijackthis log please.

Read other 9 answers
RELEVANCY SCORE 49.6

Hi all, as with many computer users my IE6 browser has been hijacked and wont relinquish its grip. The following comes up in the address bar -

res://ufjhn.dll/index.html#96676

I have Adaware6.0, SpywareBlaster and HiJackThis installed.
I regularily run Adaware and find the same 31 malware files day after day.

Day after day I quarantine and delete them only to have them reappear.
Heres what I do-
&#61623; Scan with Adaware6.0
&#61623; Quarantine and delete offending items
&#61623; Rescan with Adaware6.0
&#61623; All will be OK, nothing found.

However if I now launch IE6 (without even being connected to the internet) and rescan with Adaware6.0 I will find the same browser hijackers reinstalled ............. why ??

Not only this but my internet security settings keep changing to enable all ActiveX controls and plug-ins ........ not good.

Can anyone suggest what is going on and what I need to post here to rid myself of this evil ??

Thanks in adavnce ............ SP
 

A:Browser Hijacking

Read other 7 answers
RELEVANCY SCORE 49.6

Hey guys, here is one that I have not run across before. I can get online, and go to any page that I want if I type the address in the address bar, but if I click on a link it takes me to this page:

http://adservices10.marchex.com/

Any ideas??
 

Read other answers
RELEVANCY SCORE 49.6

Hi,I have Norton Personal Firewall. I've tried running Norton Antivirus, AdAware SE, Spybot S&D, Spysubtract and CWShredder. I also have Spyware Guard and Spyware Blaster. All of these (fully updated) have failed to prevent what looks like a hijacker from creeping in.Any chance of some help with this?Hopefully,HeraLogfile of HijackThis v1.99.1Scan saved at 21:37:19, on 30/06/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PackethSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\... Read more

A:HJT log [hijacking web browser]

If you still need help, could you post a fresh log please?

Read other 6 answers
RELEVANCY SCORE 49.6

I have gotten a browser hijacker loaded on my computer. I tried Spyware Doctor but it has not helped. Also tried Cloud Prevx 3.0 but it cannot get past the Master Boot scan. Hijack This came back with this log. Can you help?

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:13 AM, on 1/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Progr... Read more

A:Browser hijacking

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 49.6

For the past couple months or so, I've been having a problem with Internet Explorer. When I first use IE after restarting the computer, all the links take me to their corresponding websites. After browsing for awhile, some of the links start to take me to sites I've been to in the past, sites that I've never been to, or the "File Not Found" page when I know for a fact that the website exists. Eventually, IE is unusable because none of the links take me to their correct targets and I am forced to restart the computer. From what I have read, this seems like browser hijacking... correct me if I'm wrong. I've run Adaware, Spybot, and Webroot's Spy Sweeper, and none of them corrected the browser hijacking. Here's my Hijack-This file, any light you guys can shed on my problem is much appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 5:31:11 PM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Mixer... Read more

A:Browser Hijacking?

Anybody?
 

Read other 3 answers