Over 1 million tech questions and answers.

Reoccurring clickker.cn browser hijacking

Q: Reoccurring clickker.cn browser hijacking

Hi all,

I noticed a couple days ago that clickker.cn was hijacking my google queries, so I formatted my system partition and started fresh. (Formatting seemed less of a hassle than the scanning/disinfecting/combofix solutions I saw here.)

Unfortunately, it appears that the malware stuck around despite the format, or else was unleashed again within the first few apps I reinstalled after the format. I suspect it may be the latter.

I'm hoping that you guys might be able to answer a couple general questions:

1. Will this clickker.cn malware stick around despite formatting, or is it probably the case that I foolishly reinstalled it myself? Could it have attached itself to executables on other partitions?

2. Does this malware have a keylogger component? Should I be worried about the fidelity of any logins/passwords I used on the infected machine? (e.g. gmail accounts, online banking, etc.)

EDIT: WinXP pro, service pack 3.

Thanks in advice for your help and expert advice!

RELEVANCY SCORE 200
Preferred Solution: Reoccurring clickker.cn browser hijacking

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Reoccurring clickker.cn browser hijacking

Hello andypants,

is it probably the case that I foolishly reinstalled it myself?Click to expand...

If you carried out a reformat (and sometimes people do a re-install thinking they have carried out a reformat) then you would have reintroduced the virus yourself.

If you want me to look at it for you do this:

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

So when you return please post
MBAM log
the two OTL logs - OTL.txt and Extras.txt

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.

Read other 3 answers
RELEVANCY SCORE 135.6

Hi all,

I noticed a couple days ago that clickker.cn was hijacking my google queries, so I formatted my system partition and started fresh. (Formatting seemed less of a hassle than the HJT/combofix solutions I saw here.)

Unfortunately, it appears that the malware stuck around despite the format, or else was unleashed again within the first few apps I reinstalled after the format. I suspect it may be the latter.

I'm hoping that you guys might be able to answer a couple general questions:

1. Will this clickker.cn malware stick around despite formatting, or is it probably the case that I foolishly reinstalled it myself? Could it have attached itself to executables on other partitions?

2. Does this malware have a keylogger component? Should I be worried about the fidelity of any logins/passwords I used on the infected machine? (e.g. gmail accounts, online banking, etc.)

(specs: WinXP pro, service pack 3)

Thanks in advice for your help and expert advice!

A:Reoccurring clickker.cn browser hijacking

Will this clickker.cn malware stick around despite formatting, or is it probably the case that I foolishly reinstalled it myself? Could it have attached itself to executables on other partitions?YesDid you try backing up documents and such to an external hard drive? That would be infected alsoDoes this malware have a keylogger component? Should I be worried about the fidelity of any logins/passwords I used on the infected machine? (e.g. gmail accounts, online banking, etc.)It's possibleThe new viruses are morphing every day

Read other 1 answers
RELEVANCY SCORE 56.8

===============================================

Sysinfo:
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 6006 Mb
Graphics Card: NVIDIA GeForce 310M, 512 Mb
Hard Drives: C: 232 GB (35 GB Free); D: 221 GB (31 GB Free);
Motherboard: Acer, Aspire 4740
Antivirus: Microsoft Security Essentials, Enabled and Updated

===============================================
Once every month or so, my browser(s) (Chrome and IE) would open up an ad-filled page called "th.hao123.com". The default start page for both of them are set to "new tabs page" on launch.

I searched for "hao" in the registry and found suspicious entries in the following folders: "HKEY_CURRENT_USER\Software\Microsoft\Interent Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP" under the "DoNotAskAgain" key's value as saying: "th.hao123.com". And also in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN" under the "Start Page" key's value as saying: "http://th.hao123.com/?tn=sdks_inner_hp_09_hao123_th&guid=bfc7f3cf757f1eea017a41a569e2d927". And once again, in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" under t... Read more

Read other answers
RELEVANCY SCORE 53.2

Recently installed the latest version of Avant browser. I have set it not to be my default browser or to check if it is default on start up. I have Firefox set as my default browser and to check if it is on start up. The problem is every time I launch Avant and use it it makes itself the default browser. I know this because when I launch Firefox it says it's not the default and also if I wan to set it as the default. I do and when I use Avant again it steals the default browser setting again. I asked about this on the Avant forum and nobody has a solution. Most people on the Avant forum use that browser as their default so they don't care if it makes itself default. Any suggestions on how to stop this? I find this behaviour from a browser to be malware like.

A:Avant Browser Hijacking Default Browser Setting.

Welcome to Bleeping Computer Anthony A This is a good article on how to set Firefox as your Default Browser: Default Browser.If all else fails, the third-party utilities offered should work for you.

Read other 4 answers
RELEVANCY SCORE 49.2

Hey guys, here is one that I have not run across before. I can get online, and go to any page that I want if I type the address in the address bar, but if I click on a link it takes me to this page:

http://adservices10.marchex.com/

Any ideas??
 

Read other answers
RELEVANCY SCORE 49.2

Having a problem with something that has gotten into my browser and at random times will take over my browser and start popping windows everywhere. It will continue to do it even if I disconnect my ethernet connection, so I know it is somewhere on my pc, I just can't locate all of it. I can find some of it and delete it.
When it happens, I have to stop everything and use the task manager to close IE, but it closes all browsers and is a HUGE annoyance, because I have to start up a new one and it makes surfing virtually impossible.
Does anyone know of a program that searches for these pirates of my web browser??? Please let me know.

Brewha
 

A:Browser Hijacking

Hi brewha88,

Please go to http://www.tomcoyote.org/hjt/, and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a .txt file, and copy and paste its contents into your next post.

Most of what it lists will be harmless, so do not fix anything yet.

Regards,

Pieter
 

Read other 1 answers
RELEVANCY SCORE 49.2

Morning experts!

My browser was (is) hijacked by searchpage.cc/1507. I am hoping that someone would look over my hijackthis log and let me know the proper steps to take.

Logfile of HijackThis v1.97.7
Scan saved at 9:52:01 AM, on 4/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\BRIANO~1\LOCALS~1\Temp\JobMonitor\JobMonitor.exe
C:\Documents and Settings\Brian O'Reilly\My Documents\My Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://nkvd.us/1507/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nkvd.us/1507/
R1 - HKCU\... Read more

A:browser hijacking

Read other 12 answers
RELEVANCY SCORE 49.2

I've a serious problem with IE browser being hijacked with numerous pop-ups and redirecting to other websites. I ran all the spyware help, (Adaware,Spybot,Windows defender), and they find stuff and remove them but they come right back. I dowmloaded Hijackthis and install it. I just don't know what to fixand repair without messing something else up. I'm including the log below. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:49:09 PM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common... Read more

A:Need help with browser hijacking !

Hi, juxie123.

Welcome to TSG.

Download the HostsXpert 4.2 - Hosts File Manager.

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 4.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item wit... Read more

Read other 1 answers
RELEVANCY SCORE 49.2

For the past couple months or so, I've been having a problem with Internet Explorer. When I first use IE after restarting the computer, all the links take me to their corresponding websites. After browsing for awhile, some of the links start to take me to sites I've been to in the past, sites that I've never been to, or the "File Not Found" page when I know for a fact that the website exists. Eventually, IE is unusable because none of the links take me to their correct targets and I am forced to restart the computer. From what I have read, this seems like browser hijacking... correct me if I'm wrong. I've run Adaware, Spybot, and Webroot's Spy Sweeper, and none of them corrected the browser hijacking. Here's my Hijack-This file, any light you guys can shed on my problem is much appreciated.

Logfile of HijackThis v1.97.7
Scan saved at 5:31:11 PM, on 7/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Mixer... Read more

A:Browser Hijacking?

Anybody?
 

Read other 3 answers
RELEVANCY SCORE 49.2

Recently while updating a UTube program I have used for years with no problem, this time it gave me a browser hijacking malware now that seems to come back no matter what I do to eliminate it. I use Firefox startpage mainly and can correct it temporarily by using Firefox help but the hijacker"hxxp:// proxy.allsearchapp.com/app/start/" is persistant and keeps returning. Is there any Anti-Malware program that can get rid of this?? Not being a pc expert I don't want to do it manually for fear of messing up the registry.Thank you for any suggestions.Bill S.

A:Browser Hijacking

Please download Malwarebytes Anti-Malware and save it to your desktop.Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A.4. Issues.Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.After the scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware.When done, a log report will open in Notepad.The log is automatically saved and can be viewed by clicking the Logs tab .Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.Exit Malwarebytes when done.If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection... Read more

Read other 20 answers
RELEVANCY SCORE 49.2

Hi all, as with many computer users my IE6 browser has been hijacked and wont relinquish its grip. The following comes up in the address bar -

res://ufjhn.dll/index.html#96676

I have Adaware6.0, SpywareBlaster and HiJackThis installed.
I regularily run Adaware and find the same 31 malware files day after day.

Day after day I quarantine and delete them only to have them reappear.
Heres what I do-
 Scan with Adaware6.0
 Quarantine and delete offending items
 Rescan with Adaware6.0
 All will be OK, nothing found.

However if I now launch IE6 (without even being connected to the internet) and rescan with Adaware6.0 I will find the same browser hijackers reinstalled ............. why ??

Not only this but my internet security settings keep changing to enable all ActiveX controls and plug-ins ........ not good.

Can anyone suggest what is going on and what I need to post here to rid myself of this evil ??

Thanks in adavnce ............ SP
 

A:Browser Hijacking

Read other 7 answers
RELEVANCY SCORE 49.2

My friend's father seems to be the victim of a browser hijacking, and possibly other malignant software. The computer is too bogged down to properly run Ad-Aware or a virus scanner. I ran HijackThis and got the following log:

Logfile of HijackThis v1.99.1
Scan saved at 3:48:50 PM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Documents and Settings\DAD\Application Data\SVCHOST.EXE
C:\Program Files\Cox\Applications\app\Prism.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winferno\Secure IE\SIEPulse.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network As... Read more

A:possible browser hijacking

You have 2 AV's running, remove one - you only want one active AV on a system

==================
Download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
============... Read more

Read other 1 answers
RELEVANCY SCORE 49.2

sorry if this is in the wrong spot, but i know my browser is being hijacked cause it keeps redirecting me to some random website

heres a hijack this log (idk what to delete)


Quote:




C:\Windows\system32\Dwm.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\MagicDisc2\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Owner\Desktop\010101\Warden.exe
C:\Users\Owner\Desktop\Bots\Bots\Clan-DT\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DarkTemplars\DarkTemplars\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DT-Baal\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\DT-Chaos\StealthBot v2.6R3.exe
C:\Users\Owner\Desktop\Bots\Bots\Dt-Trivia\Dt-Trivia\StealthBot v2.6R3.exe
C... Read more

A:browser hijacking

does anyone know how to fix this? -.-

Read other 2 answers
RELEVANCY SCORE 49.2

Hi there,My browser has been hijacked and is periodically redirected to a casino website. My homepage is still fine though and has not been changed. I have 3 or 4 new items added to my Favourites list.I have run Spybot and Adware, but they seem to indicate that nothing is wrong. I have checked for updates and then re-run these tools to no avail. Below is my HijackThis logfile. Any comments would be much appreciated. Have a good weekend.regards,Arif Logfile of HijackThis v1.97.7Scan saved at 12:42:46, on 03/07/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\crypserv.exeC:\PROGRA~1\Iomega\System32\AppServices.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exeC:\Program Files\Iomega\AutoDisk\ADService.exeC:\WIN... Read more

A:Browser Hijacking- Please Help!

You also have a CoolWebSearch hijacker. There is a special tool to remove it called CWShredder.http://www.spywareinfo.com/~merijn/files/cwshredder.zipPlease download and then unzip the program. Close all open browser windows and run the program. Click the "Fix" button and let it fix everything it finds.Reboot, run HijackThis again and post a fresh log please

Read other 1 answers
RELEVANCY SCORE 49.2

I am using IE7 on a Windows XP operating system. When I click the search results of search engines I am being redirected. I have downloaded and run Hijack This (scan log attached). Can someone please help me?
 

A:IE7 Browser Hijacking

Read other 16 answers
RELEVANCY SCORE 49.2

Anyone had their browser hijacked? Any advice on best protection to prevent this from happening again and again. Someone suggest eblocs security toolbar on another forum - http://toolbar.eblocs.com - but I haven't seen much information on other forums on it and am reluctant to make a bad situation worse. My symptoms are I reset my start page in my browser (IE) but when I wake up in the morning it's been hijacked again. Is this an indication that something more serious going on?
 

A:Browser Hijacking

Welcome to TSG

We can recommend protection programs for you, but first I think we should check to see what's causing your browser to be hijacked.

Please do the following:

* Click here to download HJTsetup.exe: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Read other 3 answers
RELEVANCY SCORE 49.2

Have a computer at work that got hijacked by about:blank. Here is the hijack this file. Help please.

Logfile of HijackThis v1.99.0
Scan saved at 11:49:56 AM, on 1/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NoAds\NoAds.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Bernie Gerring\Desktop\New Folder\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O23 - Service:... Read more

A:Browser Hijacking HELP!!!!!!!!!!!!!!

Read other 9 answers
RELEVANCY SCORE 49.2

I have read numerous posts and I am almost certain my browser has been hi jacked...ran anti-spyware,did a virus check, but can not run malware software nor open any other .exe files. I am in safemode now because my computer freezes up in normal mode and internet will open sometimes and or if it does when clicking a link from google search it redirects to another page that has nothing to do with the search?? Also I am getting a 'svchost.exe application error' all the time now. WTH? is going on here?? I have spent almost 4 days trying to figure this out before finding this forum to no avail...any help would be appreciated thankx.DDS (Ver_09-03-16.01) - NTFSx86 NETWORK Run by Foster at 16:17:24.95 on Thu 03/26/2009Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.721 [GMT -6:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Foster\Local Settings\Temporary Internet Files\Content.IE5\AIPFHANX\dds[1].scr============== Pseudo HJT Report ==... Read more

A:Browser Hijacking Going On?

No help i guess??

Read other 15 answers
RELEVANCY SCORE 49.2

i have a browser thats being highjacked. When i perform a search, the results show up, but if i choose when i get redirected. I am unable to run my malwarebytes-antimalware program, it will install fine but will not run. I tried to run the DDS program like instructed but never received a log. I have attached one from highjack this. I also get music and what sounds like commercials coming through my speakers? Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:37:21, on 4/2/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16791)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\CSHelper.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exeC:\WINDO... Read more

A:browser hijacking

Hello.Please run Combofix.Download and Run ComboFix (Rename Before Saving)Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.Link 1Link 2 Link 3Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a open a report for you. Post back with it. It is at C:\ComboFix.txt.Do not mouseclick the ComboFix window while it's running. That may cause it to stall.With Regards,Extremeboy

Read other 5 answers
RELEVANCY SCORE 49.2

I posted this on another forum about a week ago without any luck, perhaps because of the holidays, perhaps because that is a smaller forum.Hey, I was hoping someone could help me out with my hijacked browser. This problem seems to have initially occured via IE, but is affecting Firefox as well. All search engine results are spam sites. It doesn't matter which engine. This happened a couple of weeks ago. I have tried restoring back to November first and I have run several antivirals etc., which you can tell from my hijack this logs.Here are the logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:50:05 PM, on 12/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

A:Browser hijacking

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

My internet explorer keeps getting redirected everytime i click on a link and i get warnings from avg saying blackhole exploit virus are being found, explorere keeps crashing and closing unexpectedly too, log files attached.

Attach.zip

DDS.zip

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Daddy at 12:36:39.78 on 11/03/2011
Internet Explorer: 8.0.6001.19019
Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.44.1033.18.2813.1582 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalSer... Read more

A:Browser Hijacking

attached log too ark.txt

Read other 19 answers
RELEVANCY SCORE 49.2

I am running Win XP with service pack 3. AMD Athlon XP2100MHz 2600+ Memory 2048Mb Running on a wireless home network using Linksys router. Other computers on the network are unaffected by this problem.I use Firefox as my browser but the same effects occur with IE. Using Google I am redirected to unwanted sites and assume this is what is known as hijacking. I notice that the name Google-analytics often appears in the URL address box but then the address can change rapidly many times before I am logged on to an unrequested site. The problem seems common but each occurenceseems to have its own differences so I have no idea where to start to try and cure the problem. Can you help?Edit: Moved topic from Bleeping Computer Announcements, Comments, & Suggestions to the more appropriate forum. ~ Animal

A:Browser hijacking

Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The ... Read more

Read other 4 answers
RELEVANCY SCORE 49.2

Please advise what needs to be removed. Have already run AW6, SSD in normal and safe mode on WXPSP1 wksta. Thanks.

Startup List log:

StartupList report, 8/12/2004, 10:35:16 AM
StartupList version: 1.52
Started from : C:\Documents and Settings\ccraver\Local Settings\Temp\Temporary Directory 2 for startuplist1521.zip\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\wm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\Program Files\Castelle\FaxPress\FaxTray.Exe
C:\Program Files\Castelle\FaxPress\ExCnvt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\Novell\Group... Read more

A:browser hijacking, etc.

Read other 7 answers
RELEVANCY SCORE 49.2

Every once in a while I stumble upon some kind of scam webpage which won't let me close the tab or do anything else unless I press something on a shady dialogue box saying "oh you didn't want to do exit, press ok and continue!" Is there a name for this so that I may find a good workaround for closing Firefox tabs?Here is an example for any experts who are interested; a tinyurl from an unrelated YouTube video's description. I had to close the dialogue box from its titlebar close button, drag my tabs into a new window, and kill that window. htt<BROKEN>p://tinyu<BROKEN>rl.com/3xwhq6qThanks!Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal

Read other answers
RELEVANCY SCORE 49.2

I have gotten a browser hijacker loaded on my computer. I tried Spyware Doctor but it has not helped. Also tried Cloud Prevx 3.0 but it cannot get past the Master Boot scan. Hijack This came back with this log. Can you help?

Thanks,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:13 AM, on 1/20/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Progr... Read more

A:Browser hijacking

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 3 answers
RELEVANCY SCORE 49.2

Hi,I've been dealing with browser hijacking now for over a month. First it hit my IE and I've tried every spy ware tool and virus tool commonly known but it hasn't stopped the random pages opening or all the redirects. I even went as far as to shut down Internet Explorer and use Mozilla Firefox. This worked for a little while but then recently something got to Mozilla and it is everywhere.I am so frustrated. Should I just go ahead and download all the programs stated in all the other forum exchanges and see if they work?Here are the scans from HijackThis.This is the first Scan:Logfile of HijackThis v1.99.1Scan saved at 8:24:17 AM, on 8/2/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\j2re1.4.2_07\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\BellSouth\Application Center\BsnAppCenter.exeC:\PROGRA~1\SYMANT~1\SYMANT~1 ... Read more

A:browser hijacking-

Hello LLS and welcome to the BC malware forum. Let's start out with this.Download WinPFind.zip and unzip the contents to the C:\ folder.Start in Safe Mode Using the F8 method:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.Use the arrow keys to select the Safe Mode menu item.Press the Enter key.Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here so I can review it.OT

Read other 11 answers
RELEVANCY SCORE 49.2

Hi all,

I have an unwanted javascript at the end of all browsed pages. It is independent from the browser, occurs with IE and Fiorefox also.

So, I have created a hijackthis and a combofix logs, you can find them as attachment.

Could someone halp me how can I remove this hijacking?

Thank you!
 

Read other answers
RELEVANCY SCORE 49.2

Hi,I have Norton Personal Firewall. I've tried running Norton Antivirus, AdAware SE, Spybot S&D, Spysubtract and CWShredder. I also have Spyware Guard and Spyware Blaster. All of these (fully updated) have failed to prevent what looks like a hijacker from creeping in.Any chance of some help with this?Hopefully,HeraLogfile of HijackThis v1.99.1Scan saved at 21:37:19, on 30/06/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\PackethSvc.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\... Read more

A:HJT log [hijacking web browser]

If you still need help, could you post a fresh log please?

Read other 6 answers
RELEVANCY SCORE 49.2

If i run a search in Yahoo or Google I am sometimes redirected to another site that has nothing to do with what i clicked on. I have tried so many things to fix this. I tried some manual instructions, it said to search for ALCMTR.EXE and delete the file. There is also another file with this name, just not in all caps, should I delete this one as well?I tried AVG, Malwarebytes, I am running the microsoft windows malicious software removal tool (for about a half an hour) and these have found nothing. AVG came up with a crypto virus and seemed to take care of it, from what I have read it doesn't seem to be linked to the browser issues, but i could be wrong. I have been trying to fix this all day and I have no idea what my next step should be. At one point I tried running the computer in safe mode but it didn't seem to let me... Here is the HijackThis info if its helpful at allRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\Program Files\AVG\AVG9\avgcsrvx.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CheckPoint\ZA... Read more

A:Browser hijacking?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand cor... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

Can someone look at this and tell me what you can see.

Logfile of HijackThis v1.98.2
Scan saved at 1:31:35 PM, on 8/17/2004
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\h... Read more

A:Browser Hijacking

Run HijackThis, click Scan, put check marks next to the following, click Fix Checked. Close all open programs and restart your computer:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5892C486-087A-A33C-324E-10272DD49064} - C:\WINDOWS\System32\vayvymtw.dll
O2 - BHO: (no name) - {6FF9B061-8617-A920-973F-837F73E6DEF6} - C:\WINDOWS\system32\emvtyzux.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.2001.0001\en-us\msntb.dll
O2 - BHO: (no name) - {CBACB890-3791-4CE3-9A48-21249ED6EC99} - C:\WINDOWS\system32\qwsxmdbk.dll
O2 - BHO: (no name) - {FA43BF3C-CCAF-1815-0412-69E23044E051} - C:\WINDOWS\system32\ilsmchjj.dll
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll

***

Click the colored link below to get, install, update, immunize for and scan with Spybot S&D. delete all found spyware by clicking fix Checked, then close all open programs and restart your computer.
 

Read other 2 answers
RELEVANCY SCORE 49.2

I have Zone Alarm Pro, Norton Anti Virus, Spybot Search and Destroy, CW Shredder, Trojan Hunter and Adware installed. I have an online business to run and everytime I try to do a search, my browser crashes and I keep getting redirected to about blank. Please help me Thank youDebbie HunterHere's my log:Logfile of HijackThis v1.99.0Scan saved at 9:10:42 AM, on 1/29/05Platform: Windows 98 SE (Win9x 4.10.2222A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\WINDOWS\SYSTEM\MSTASK.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXEC:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXEC:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXEC:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXEC:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXEC:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXEC:\WINDOWS\MSOC32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXEC:\PROGRAM FILES�... Read more

A:IE6 Browser Hijacking...PLEASE HELP

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:c:\windows\SPOHTS.EXEc:\windows\system\SPOHTS.EXEC:\WINDOWS\MSOC32.EXEc:\windows\system\SINTRAP.EXEc:\windows\SINTRAP.EXETo copy the files simply navigate to the directory they are in and right click on them and then click on copy. Then paste these files into the c:\submit directory. Once the files are all copied I need you to zip the folder. If you are using XP or ME right-click on the folder and click on the Send To option and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called Winzip and zip it using that. Then go to http://www.bleepingcomputer.com/submit-malware.php, fill in the required fields, and browse to the file. Then click on the Send File button.You may want to print out these directions as the Internet will not be available. Please continue with the next step if you run into a problem with the current one. Just be sure to let us know what the problem was when you reply.Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsPlease download About:Buster from here: About:Buster Download. Once it is downloaded extract it to c:\aboutbuster. We will use that progra... Read more

Read other 7 answers
RELEVANCY SCORE 49.2

Hi Guys,

I'm having trouble with my browser getting hijacked when I click on a link in Google, Yahoo, etc. I have tried Spy-Bot, AdAware, Spy Dr (all free versions) but nothing found a problem. MS OneCare Safety Scanner identified the problem as a Trojan:W32/Alureon.gen!H.

I'm running Vista Home Premium on a Dell XPS M1210 Laptop

Here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:53 AM, on 3/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\P... Read more

A:Help with browser hijacking

Read other 16 answers
RELEVANCY SCORE 49.2

I am running windows xp media center on my computer. Recently I tried doing a good search for a topic at school and every website that Google brings up looks legit but when i click on it I get redirected every SINGLE time! It usually takes me to websites pertaining to apartment searching or just general shopping websites. I am getting really frustrated and have no clue what is going on. This is also a computer my brother uses for his school work but logs onto my name, if this is something that he has caused im not going to be very happy! I feel that i am fairly competent when it comes to computers are searching for or deleting files or making changes. I just really am at a loss at the moment! any help would be great!

A:Browser Hijacking?

So here's the deal I am currently trying to research a paper and whenever I type a topic into Google, it brings up links that look legitimate even down to the addresses that are below the results. But when I click on the results I get redirected to websites that have nothing to do with what I am searching for. When the web pages load it brings up what looks like a the number 2 to the left of the address bar. Like on here to the left of the bar i see a small computer screen. I am currently using the newest versoin of Firefox. I have windows xp media center edition. I have currently ran SpyBot S&D, SUPER AnitSpyware Free Edtion, and Malwarebytes' Anti Malware. They find a few things here and there and i tell it to fix the problems but when I do another search I still get redirected. This is getting very frustration since I am trying to work on this paper! If ANYONE can help that would be great!

Read other 1 answers
RELEVANCY SCORE 49.2

I have recently been experiencing some very annoying problems with my online time wherein I try to go to a frequently used site only to be told it cannot be found. "unable to locate" and also NGIX (I think 9.0 not sure) FILE NOT FOUND and similar messages. I finally found the culprit and they have gotten me before. ASK search engine somehow takes over my browser and it never goes well afterwards. Not sure HOW I ended up with this but probably when i downloaded something somewhere in the fine print I agreed to have them for my search engine. I try to watch out for that but sometimes when you're trying to download something then you have to type in the CAPTCHA stuff and if you get it wrong (those things are sometimes next to impossible to figure out or get right but that's another issue) then you have to go back and start over and I think that's the whole point that you have to keep completing the same info till you get careless and let something like ASK take over.How are these people able to get away with this. Amost FUNNY but not - ASK is where you can go and ask any question to get an answer but when I ASKED how do I get rid of you they had no answer that worked. I sent them some FEEDBACK but never got an answer.Eventually, through deleting this and that (sorry its been a couple days I forget exactly) and dumping temporary files and a few other things I managed to get rid of them but I figure its just a matter of time till they get me again and... Read more

A:BROWSER HIJACKING

I have recently been experiencing some very annoying problems with my online time wherein I try to go to a frequently used site only to be told it cannot be found. "unable to locate" and also NGIX (I think 9.0 not sure) FILE NOT FOUND and similar messages. I finally found the culprit and they have gotten me before. ASK search engine somehow takes over my browser and it never goes well afterwards. Not sure HOW I ended up with this but probably when i downloaded something somewhere in the fine print I agreed to have them for my search engine. I try to watch out for that but sometimes when you're trying to download something then you have to type in the CAPTCHA stuff and if you get it wrong (those things are sometimes next to impossible to figure out or get right but that's another issue) then you have to go back and start over and I think that's the whole point that you have to keep completing the same info till you get careless and let something like ASK take over.How are these people able to get away with this. Amost FUNNY but not - ASK is where you can go and ask any question to get an answer but when I ASKED how do I get rid of you they had no answer that worked. I sent them some FEEDBACK but never got an answer.Eventually, through deleting this and that (sorry its been a couple days I forget exactly) and dumping temporary files and a few other things I managed to get rid of them but I figure its just a matter of time till they get me again and... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

Hi,I'm getting browser redirects again... I turned off my FW and AV to do some testing on DL speeds (another board, I know...) and I'm screwed again. Ran SB S&D, MAM, SAS and CCleaner. Attached is DDS log. GMER was weird- would scan for hours then crash. Disabled the cd emulation with defogger... Also ran GMR in safemode-nothing. idk what's up with that.thanks in advance!DDS (Ver_09-12-01.01) - NTFSx86 Run by Matt Reddick at 21:10:22.84 on Mon 05/24/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1266 [GMT -4:00]AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}============== Running Processes ===============C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exeC:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exeC:\Program Files\AVG\AVG9\avgchsvx.exeC:\Program Files\AVG\AVG9\avgrsx.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVG... Read more

A:browser hijacking, pls help again!

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 49.2

This is my first time using this site or posting to these boards. After struggling to resolve these issues on my own, I couldn't take it anymore. I needed to seek help. I thankful that a place like this exists to lend support to the afflicted.I'm dealing with a couple of things. Not every time, but many times, when I open a browser window in internet explorer, my homepage opens, but then is IMMEDIATELY overlayed by two or three other windows. The taskbar shows "clickbank" loading, which then displays ads for "carb burning", body by jake ads, or loan ads. I can't close any of the windows until they open completely, which is a time consuming/ wasting process, plus just annoying as all hell.Secondly, and more recently, "about:blank-microsoft internet explorer" has begun running underneath my browser page. So, consequently, whenever I go to another web page, etc., there is a delay, I would assume, from the "about:blank" page loading beneath what I am looking at. Also, when I close my browser, there is a delay of several seconds as my browser window closes, and then reveals the "about:blank" window beneath (a blank, white screen), which takes a couple of second to close. Overall, it slows down the internet process considerably as I try to click from one page to the next.I am running Norton Anti-virus. The definitions are up to date. I have also run Ad-Aware SE, Spyware Blaster, and CW Shredder, which has not detected coolweb search... Read more

A:Browser Hijacking

Welcome indyfan05 to Bleeping Computer.Obi-wan Kenobi seems to be busy, hope I'll do Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:Click the Spyware Doctor icon in the System Tray.Click Settings.Click Startup Settings under Pick a Category.Uncheck Run at Windows startup.Click Apply and Exit Spyware DoctorOnce your log is clean you can re-enable Spyware Doctor. ***Please disable SpybotSD?s protection, as it may hinder the removal of the infection. You can enable it after you're clean.Open Spybot and click on Mode and check Advanced ModeCheck yes to next window.Click on Tools in bottom left hand corner.Click on Resident icon.Uncheck Teatimer box and/or Uncheck Resident.Close Spybot.***To disable SpySweeper ShieldsClick Shields on the left.Click Internet Explorer and uncheck all items.Click Windows System and uncheck all items.Click Startup Programs and uncheck all items.Exit Spysweeper.***Download CleanUp!.If that doesn?t work, use this link.Here is a tutorial which describes its usage:http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:*Click "Options"*Move the arrow down to "Custom CleanUp!"*Put a check next to the following:Empty Recycle BinsDelete CookiesDelete Prefetch filesScan local drives for temporary filesCleanup! All UsersClick OKPress the CleanUp&... Read more

Read other 1 answers
RELEVANCY SCORE 49.2

Title says it all, whenever I open up a browser IE pops up with ads. Ive run Avira Antivirus and Ad-Aware 2007 both come up negative. Ill be bumping this thread in a few days if no one sees it.

A:IE browser hijacking

Forgot to post the log file. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 10:08:58 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\lolifox\lolifox.exe
C:\Documents and Settings\Star Scream\D... Read more

Read other 19 answers
RELEVANCY SCORE 49.2

Since yesterday we have been having a problem I have never hear or seen before. Problems started when I was browsing the internet. All of a sudden I have got diverted to a web page www.hillary2004.net. From there on I couldn't go to any other web page. If I tried it get diverted to the page above again.
Before long, other people started having the same problem.
I have spent hours checking settings on our DNS server. Checked it for viruses, trojans...nothing!!
If I disable the DNS server on services from my PC, it improves and I can connect to several places, however this sometimes brakes down again on certain places like www.hoovers.com.
Can anyone enlighten me on whats going on please??

A:Hijacking browser

Have you checked YOUR machine for viruses?

Read other 8 answers
RELEVANCY SCORE 49.2

Hello all,

Thanks you all for your time. I would greatly appreciate any help in regards to the HJT scan.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:19 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDet... Read more

A:Please Help! Browser Hijacking???

Welcome to TSG
Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
 

Read other 1 answers
RELEVANCY SCORE 49.2

I have tried many attempts at removing this browser hijack problem. I have been loading this laptop with many VST plugins and hard disk recording applications. I installed a Team H20 version of Cubase and some other software released by other a few teams. Guitar Pro 6 seemed to be one of the last ones i installed and then i started seeing some issues when browsing.

I have scanned with MAMB SAS various online scanners and ATF cleaner CCleaner and many others recommended on here. I was able to remove other viruses such as wildtangent and several trojans and worms, but still i can not get the hijacking to stop. All i am now getting on my scans are adware cookies located in networkservices folder and administrator folders, i clean them out and they are gone, but of course when i browse again they reappear.

I am also getting an error after start up please see ERROR image attached.

Microsoft updates webpage is blocked as well. I have experimented with removing adobe products and java. I had went in and tried to kill as many folders with force to try and stop any attempts of hijacking.

I have also used defogger to disable alcohol 52% and i have used an app to remove avast and MBAM and a pandasoft antivrus program.

Any help on this will be greatly appreciated.

Vikkie


DDS (Ver_10-12-12.02) - NTFSx86
Run by user at 7:10:02.12 on Tue 01/25/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1421 [GMT -8:00]

AV: Lavasof... Read more

A:BROWSER HIJACKING

Hello vikkiewiid, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change ... Read more

Read other 3 answers
RELEVANCY SCORE 49.2

hello, my browser has been hijacked by e-finder it looks like. i've used spybot and ad-aware but it keeps coming back. here is my hijack this log. please help...it'd be much appreciated.Logfile of HijackThis v1.97.3Scan saved at 12:05:23 PM, on 11/7/2004Platform: Windows 2000 SP3 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINNT\System32\svchost.exeC:\WINNT\System32\gearsec.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINNT\System32\nvsvc32.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\System32\mspmspsv.exeC:\WINNT\Explorer.EXEC:\WINNT\system32\ntvdm.exeC:\WINNT\System\MSMSGSVC.exeC:\OPLIMIT\ocrawr32.exeD:\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.e-finder.cc/search/ (obfuscated)R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search... Read more

A:browser hijacking..please help

HiYou are running an outdated version of HijackThis.. Delete the copy you have and download the latest version of HijackThis!: Download here HJT 1.98.2. Save it on your Desktop. You will need now to unzip hijackthis.exe to a permanent folder, such as c:\hjt . This has to be done as HijackThis creates backups. You may need to use these backups.First create a new folder:A. Click My Computer icon on your desktopB. Click C: driveC. Click the File menu --> New --> Folder, a folder "New folder" will be created.D. Rename it HJTUnzip hijackthis.exe to the c:\HJT folder.Run hijackthis.exe and post a new log please.When responding to a post from one of our HJT Team members, please reply in the same topic - click the Add Reply button. Do not create a new topic for your reply. This will cause confusion and only cause a delay in the help you are receiving.

Read other 10 answers
RELEVANCY SCORE 49.2

I have been hacked. The malware now always lands on Yahoo be it IE or Google.

Re setting browsers does not work.
It's now starting to hijack Windows 7 by not allowing me to delete or uninstall Windows files that could be used to assists in tracking the problems.

Windows 7 PRO
 

Read other answers
RELEVANCY SCORE 49.2

There is some browser hijakcing going on my computer. I need to get this sorted!
Symptoms:
google chrome not working
keep getting redirected to untrustworthy sites

What I have done:
ran a hijackthis scan
downloaded malwarebytes and am currently running a quick scan (will do a full one if that doesn't work)
hijakthis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:27, on 2010-06-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programs\AVG\AVG8\avgwdsvc.exe
C:\Programs\AVG\AVG8\avgtray.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\CyberLink\PCM4Everio\EverioService.exe
C:\Programs\DivX\DivX Update\DivXUpdate.exe
C:\Programs\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Bonjour\mDNSResponder.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Jamie\Local Settings\Applicati... Read more

A:Browser Hijacking

Download TDSSKiller and save it to your Desktop.
Extract the file and run it.
Once completed it will create a log in your C:\ drive
Please post the contents of that log

 

Read other 3 answers
RELEVANCY SCORE 49.2

I am running IE6 on a Windows 2000. I have updated Windows and tried using Spybot S&D to no avial.I am having several problems.1. I keep getting pop-ups in IE2. I have tried intalling Google Toolbar but could not...it disapears as soon as I close the browser window.3. I keep getting a vertical window labeled "Search Bar" on the first line and "Related Searches" on the second line. Looks supicious..3. I get the feeling that my searches form the Google main page are being diverted through some other search engine. I say this because I was trying to locate the webiste for Spybot S&D and tried searching in the main page of Google, but none of the results were for Spybot. Then I cliked on "advanced search" and dit the same search and the first entry/result was for Spybot's Home Page.I ran HijackThis and am posting the results below. Would greatly apprecaite any assistance given.Many thanks in advance.===================================Logfile of HijackThis v1.99.0Scan saved at 6:37:32 AM, on 1/4/2005Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\System32\ibmpmsvc.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system... Read more

A:Possible Browser Hijacking

Please download and install CWShredder.http://cwshredder.net/bin/CWSInstall.exeDownload Ad-aware SE from: http://www.majorgeeks.com/download506.htmlInstall the program and launch it.First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.Exit Adaware.Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>R0 - HKCU\Software\Microsoft\Internet Explorer& #092;Toolbar,LinksFolderName =R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\EliteToolBar version 59.dllO2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\EliteSideBar version 8.dllO4 - HKLM\..\Run: [MSDDMess] C:\WINNT\SYSTEM32\vssddfq.exeO4 - HKLM\..\Run: [Tasmgr Starup] tasmgr.exeO4 - HKLM\..\Run: [secure] C:\WINNT\system32\secure.exeO... Read more

Read other 5 answers
RELEVANCY SCORE 49.2

Many different people have access to this system, as it is a family computer, I have tried to do as much as I can to keep it safe & run scans faithfully, but infections still seem to slip thru periodically. This time, something is causing the browsers to either take forever to open or not open at all. The system also seems to be slower than usual. It was working great after I had it checked the last time, but like I said, a lot of people do a lot of different things on here and are not always conscientious about what they are doing or how they are doing it. Thank you in advance for any and all assistance, I greatly appreciate it!
E
 

A:HELP, PLEASE!! Browser Hijacking, etc.

Sorry, I forgot to include the HJT log. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:38:43 PM, on 12/15/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Micro... Read more

Read other 1 answers
RELEVANCY SCORE 49.2

I can't begin to tell you how much I have learned in the past week dealing with this browser hijacking situation. I have been all over the net searching for information about this particular situation and keep coming across bleepingcomputer.com. I've read entry after entry about how to find, identify and remove this rascal but boy it appears way out of my realm of expertise.

I have run Ad-Ware Se, Microsoft Antispyware, Norton and CW Shredder. I have now run Hijackthis and have copied the log below. Any help in identifying the code so I came remove it would be greatly appreciated. Thank you. I've even included a smiley face! Can't wait for Spring! Thank You.

Logfile of HijackThis v1.99.0
Scan saved at 6:16:09 PM, on 1/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files... Read more

A:HiJacking Browser

Hello lavler, ********************************************************* Please boot into safe mode and select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix.? How to Reboot into Safe Mode  tap F8 key during reboot, until the boot menu appears...use the arrow keys to choose "Safe Mode" from the menu......,then press the "Enter" key.R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMWIE~1\LOCALS~1\Temp\sp.dll/sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\TOMWIE~1\LOCALS~1\Temp\sp.dll/sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankO2 - BHO: (no name) - {CE68569E-425D-4A8B-9796-0D32EF022F6E} - C:\WINDOWS\system32\fonp.dllO18 - Filter: text/h... Read more

Read other 5 answers