Over 1 million tech questions and answers.

Solved: Browser start page hijacked, can't change . Please help!

Q: Solved: Browser start page hijacked, can't change . Please help!

Hi All. this is the first time I'm using the forum. Would appreciate any help please.

Everytime I go to my toolbar in explorer to review internet options, the home page is set as

res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784

Every time I try to change it to the default page I want http://www.google.com/, it changes it in the box but when you check back it reverts back to

res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784

I haved scanned with SpyBot S&D and used AVG but have had no luck. I have windows 98, yes I know I'm way behind the times! I'm not an expert but ran regedit yesterday and found the above entry under HKEY_CURRENT_USER/Software/Microsoft/InternetExporer/main. The above value data is linked to the value name "Start Page". I tried modifying the data to google, but again it reverts back!

Would someone be able to help me with this and guide me with what I should do?

Many thanks.

RELEVANCY SCORE 200
Preferred Solution: Solved: Browser start page hijacked, can't change . Please help!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Solved: Browser start page hijacked, can't change . Please help!

Read other 16 answers
RELEVANCY SCORE 85.6

My IE start page has been hijacked by clicksearchclick.com. Whenever I start the browser it goes to thier site. Here is the Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:39 AM, on 5/8/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\System32\Services\{F34DB3AA-9BB6-45E8-B1A8-75435820E9E9}\SVCHOST.EXE
C:\WINNT\winos.exe
I:\IMC\MPS\iIMCLAN.exe
C:\WINNT\System32\ImcMSGC2.exe
I:\IMC\MPS\Console.EXE
I:\IMC\MPS\PL.EXE
I:\IMC\RMS\Records.exe
I:\IMC\RMS\CASEMGMT.EXE
C:\Documents and Settings\ca3583\Desktop\Repairs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/search.php?aff=7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TCASUTIEXE... Read more

A:Solved: browser start page hijacked by clicksearch

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/search.php?aff=7

O4 - HKLM\..\Run: [Service Host] C:\WINNT\System32\Services\{F34DB3AA-9BB6-45E8-B1A8-75435820E9E9}\SVCHOST.EXE

O4 - HKLM\..\Run: [windhost.exe] C:\WINNT\winos.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...bridge-c445.cab

O21 - SSODL: System - {F54C3836-9D1C-45E8-9D0B-B11F760595B5} - ssvmc.dll (file missing)

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"

Now find and delete this file:

C:\WINNT\winos.exe

Delete this folder:

C:\WINNT\System32\Services

Also in safe mode navigate to the C:\WINNT\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete t... Read more

Read other 3 answers
RELEVANCY SCORE 77.2

I use Windows 98 (just to let u know).
My Internet Explorer (IE6) start page (previously www.yahoo.com) has been replaced by 'http://213.159.117.134/index.php'. I've tried changing my home page option in IE's properties back to www.yahoo.com, but the 'intruder site' keeps reseting the address field and coming back again...

I'll attempt to descibe what happens exactly once I'm connected to the net...
Once I've connected to the internet, opening IE takes me to 'http://213.159.117.134/index.php' , 'www.Cool Web Search.com', ’about:blank’, a few ads about fixing spyware on my pc and another window named 'tpx/open/console_out.php' or something like that...one after the other in succession...(then again, I’m not sure I got the order right…that isn’t important anyway…)

Once I get the 'tpx/open/console_out.php' window I find it necessary to close it immediately 'cuz if I let it load, it disconnects me from the internet , and my second attempt to connect back proves futile as I get a message saying 'The modem is being used by another Dial-up connection. Close the other connection and try again. ' (so I've learnt by experience...sigh...)

I don’t know if this message I encounter is related in any way to a Dail-up Connection dialog box which keeps popping up on my screen almost without reason randomly at any time, right from the moment I switch on my pc. This Dail-up Connec... Read more

A:IE browser start page hijacked

Hi and welcome to TSG,

First click: http://www.majorgeeks.com/download4086.html to download CWShredder, but don't run it yet.

Next click: http://securityresponse.symantec.com/avcenter/FxAgentB.exe to download the Backdoor.Agent.B Removal Tool from Symantec. Save the file to a convenient location, such as your Windows desktop.

Close all the running programs

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet.

Double-click the FxAgentB.exe file to start the removal tool.
When you receive the message telling you start any other applications, click OK.

Click Start to begin the process, and then allow the tool to run.
Restart the computer.

Run the removal tool again to ensure that the system is clean.

Be sure to save the log file the removal tool creates to post back here later.

Run CWShredder immediately. Click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing.

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search ... Read more

Read other 1 answers
RELEVANCY SCORE 70.4

My home page WAS www.msn.com but it now is www.quest.msn.com and cannot be changed back using Internet Options. I've tried the following:
1. Run CWShredder-didn't find anything.
2. Restored to a date I thought was before this problem began-problem still there.

I'm attaching my HIJack this log in hopes that someone can spot a problem.

I'm using XPPro, SP3.

Thanks in advance.
 

A:Solved: IE7 Browser home page hijacked

Sorry, I mean't it was hijacked by http://qwest.msn.com
 

Read other 2 answers
RELEVANCY SCORE 68.4

Hey!
Everytime I start my computer and open the IE I'm redirected to www.turbonic.com. I used Ad-aware, it finds some infected files, I delete them but the thing keeps going...
Here's my log from HijackThis, could anyone check it out and tell me what I could do to solve this??
Thanks!
Logfile of HijackThis v1.98.2
Scan saved at 01:03:45 p.m., on 10/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Archivos de programa\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Archivos de programa\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\ARCHIV~1\Iomega\System32\AppServices.exe
C:\Archivos de programa\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Archivos de programa\Iomega\AutoDisk\ADService.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Archivos de programa\Iomega\AutoDisk\ADUserMon.exe
C:\Archivos de programa\Iomega\DriveIcons\ImgIcon.exe
C:\Archivos de programa\NavNT\vptray.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\Archivos de programa\Messenger Plus! 3\MsgPlus.exe
C:\Archivos de programa\Kazaa Lite K++\KazaaLite.kpp
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Arc... Read more

A:Solved: IE start page hijacked! goes to turbonic.com

Read other 9 answers
RELEVANCY SCORE 68.4

Catbyte appears to have solved this issue in the past for Bamaman..
I reviewed the many arduous steps that Catbyte had Bamaman go through
to eliminate the problem.

I have the same problem and was going to post to that thread the question

Do I need to go through ALL of the steps or just the last one that fixed the
problem -
Please run the following:
Temp File Cleaner
Download TFC to your desktop
Mirror

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean
 

A:Solved: Start page hijacked by whitehotproductions

Hey,
Thanks for all the help.
It not only hijacks the home page but resets preferences to
hijacked home page if preferences are set to open last session.
the solution that "works for me is:
I installed the add on "Session Manager"
This at least brings Firefox back to the tabs that were last opened.
Doesn't solve the home page issue though...
 

Read other 1 answers
RELEVANCY SCORE 67.6

Hello everyone,

I am having trouble with my start page being switched to some bogus search engine site and no matter how many times I try to correct it from Tools/Internet Options/Home Page, it is always set to "about:blank". I like to have Yahoo.com as my homepage but it seems to be overwritten. I've ran HiJackThis several times and clicked on the boxes to I want to fix but then I can immediately re-do the scan and those same lines will show up as if I never put a tick in those boxes.
Also, I get a random pop-up window with some bogus advertising even though I have Popup Stopper running.
Any help would be greatly appreciated.
Here is the HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:00 AM, on 10/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
F:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Stardock\Object Desktop\IconX\IconX.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svc... Read more

A:Solved: Hijacked start page Problem/HiJackThis log

Hello willieji66

You may want to print out these instructions because you may not be able to get online in safemode

Download these programs

Ewido Security Suite

Pocket Killbox

ccleaner

Step 1

Install Ewido
Under additional Options uncheck Install ewido background guard and Install via context menu
Update ewido
If you have trouble updating go here
Please don't run a scan yet!!!!

unzip Killbox to a folder on your hard drive that you can access easily
You will use it later

Install ccleaner
But don't run a scan yet

Step 2

Boot into safe mode
Instructions: reboot press F8 until an Windows Advanced Settings comes up, scroll down to safemode and press enter

Run Ccleaner
Click on Analyzer, then Run cleaner

Run Ewido
Run a Complete system scan
May take sometime "depending on how infected your system is"
Please save the log file

Open Hijackthis
click on System Scan
Fix these items

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Class - {5AF27B88-58BE-EDE2-DEDC-AC150AF3E5C5} - C:\WINDOWS\system32\netiw.dll

Run Killbox
Check Delete on reboot
Place this file in killbox

C:\WINDOWS\system32\netiw.dll

Reboot into Normal mode
Post a fresh hijackthis log, include both the ewido and panda log too.

Panda Activescan
 

Read other 2 answers
RELEVANCY SCORE 62.4

Recently, I changed DSL providers from Earthlink to another company. I did this for two reasons: the Earthlink throughput was awful, and their tech support was virtually useless. After numerous attempts to get the speed problems resolved I finally gave up. Upon ordering the new provider's service, I uninstalled Earthlink from my PC. Problem is, no matter what I do, my IE home page is the Earthlink start page. I have used the IE options to change it, it goes right back to Earthlink. I have changed it in the registry, it goes right back to Earthlink. I have checked for spyware/adware, run registry cleaner, you name it. Is my PC going to be forever haunted by Earthlink? I have XP home edition, latest version. Can someone rid me of this troublesome home page?
 

A:Can't change IE home page from Earthlink start page

Read other 6 answers
RELEVANCY SCORE 61.2

My browser page is been hijacked and nothing helps. the hijack this log is as below pls help me again mr grinler, plimsollLogfile of HijackThis v1.97.7Scan saved at 4:48:21 PM, on 7/16/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Winamp\Winampa.exeC:\Program Files\Norton Internet Security\IAMAPP.EXEC:\PROGRA~1\NORTON~1\navapw32.exeC:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Webshots\WebshotsTray.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton Internet Security\NISUM.EXEC:\Program Files\Norton Internet Security\NISSERV.EXEC:\Program Files\Norton Internet Security\SymProxySvc.exeC:\Program Files\Norton Internet Security\ATRACK.EXEC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\Sy... Read more

A:browser page hijacked pls help

I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\IEsp.mhtO2 - BHO: (no name) - {0B519E07-7824-4adc-8890-93D5EABBF285} - C:\WINDOWS\System32\msadocm32.dllO2 - BHO: (no name) - {A3DFDA85-1D92-4E28-8C0C-522574ACDC8A} - C:\WINDOWS\System32\msacrohlp.dllO4 - HKCU\..\Run: [HOTFOON2] C:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exe /hO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cabReboot your computer into Safe Mode and delete the following files:Then delete these files or directories (Do not be concerned if they do not exist)C:\WINDOWS\System32\IEsp.mhtC:\WINDOWS\System32\msadocm32.dllC:\WINDOWS\System32\msacrohlp.dllC:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exeDisable System Restore. You can find instructions on how to enable and reenable system restore here:Managing Windows Millenium System RestoreorWindows XP System Restore GuideRenable system restore with instructions from tutorial aboveRebo... Read more

Read other 4 answers
RELEVANCY SCORE 61.2

Hi!

I've got a problem. After installing some silly small program from the Internet, I cannot change the start
page in my browser any more. It is defaults to some
address that displays a frame as a bar on top with
some ads. I WANT IT TO BE REMOVED but no matter what
I did it stayed there. I think the IE files might
have been patched by that prog?

Any advice will be greatly apreciated. Thank you!

Andrew
 

A:Can't change the Home Page (Start page) in IE 5.0

Read other 6 answers
RELEVANCY SCORE 60.8

Hi.I'm having a problem. I use google to search the internet and the normal looking results page opens up, but whenever I click on one of the links I get shuttled over to a site called virtualway.info.I'm running WinXP Home SP2Following is a copy of my Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:29:08 AM, on 4/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files&#... Read more

A:Browser Search Page Hijacked

Hello RobertaT and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 4 answers
RELEVANCY SCORE 60.8

Hi. I'm running Windows ME. Every time I've tried to open up an IE 6 browser today, my homepage has been set to something called "About:Blank" which seems to be some sort of spyware/ad ware. A massive flood of popups appears, and I have to restart the computer before they'll stop. I've tried running Spybot S&D and Ad-Aware, but nothing's helped.

I've also tried manually setting the homepage back through Start>Settings>Control Panel>Internet Options, but every time I click "OK" on the Internet Options window I get an error message and it changes back to the "About:Blank" page.

I seem to have several files in my registry that are causing this problem... I found them in Hijack This but when I've deleted them, they've come back every time I restart the computer. (I've included a log here).

Logfile of HijackThis v1.99.0
Scan saved at 8:26:34 PM, on 1/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FI... Read more

A:Browser / Home page Hijacked?

Read other 7 answers
RELEVANCY SCORE 60.8

Hello,
 
I have a <1 year old Dell desktop all-in-one PC with recent Win 10 (2-3 months ago). Since the last week or so, I found every time I try to browse to Amazon.com in IE11 (either using a link or thru google or typing into the address bar) I get a very different webpage (see attached screenshot) instead of the normal Amazon homepage. Definitely not Amazon. I suspect my browser is somehow hijacked but can't figure out how to fix it. Ran Malwarebytes, adwcleaner, JunkwareRemovalTool, etc. Still the same problem. No other symptoms. The normal Amazon page loads perfectly using any other browsers on this PC. I'm worried someone else is going to try to browse to Amazon, click on the funky links, and try to log into the site and compromise thier credentials (this is a family PC). Any ideas on fixing this?
 
Thanks in advance.
 
******************** FRST Log Results: ************************
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bruce (administrator) on WINDOWS-9LL0EBA (22-03-2016 21:33:47)
Running from C:\Users\Bruce\Desktop\Computer Recovery
Loaded Profiles: Bruce (Available Profiles: Bruce)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (White... Read more

A:Hijacked Amazon.com page or IE browser

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please copy the entire contents of the code box below to the a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {003C3763-7AE0-41D0-A9D1-3EA7A07B72B6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C640F3D-2DCB-4DA7-99CE-210BCB5CC7FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1D5937D7-E14E-4912-B4AA-C571579A3719} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {3760A705-8DEB-4E54-AE35-1EA64DDD022F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {45D8EB6C-ECAF-405B-BCCF-E4C6EA2933A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5229FC29-F7D5-433F-A92C-9D5A5CC5F792} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D23567C-BD60-473E-8008-7E8B8E031069} - \CLVDLauncher -> No File <==== ATTENTION
Task: {6C1A06C4-E6FE-44C6-A1C4-6E1627701036} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {87324F2D-80E3-4167-AF14-160FAB05F599} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {8D2E3196-22C0-4571-B159-B6118E6026FA} - ... Read more

Read other 4 answers
RELEVANCY SCORE 60

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by LizzieS (administrator) on LIZZIES-PC on 27-02-2015 23:02:12
Running from C:\Users\LizzieS\Downloads
Loaded Profiles: LizzieS (Available profiles: LizzieS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSv... Read more

A:Browser hijacked, pop ups and home page changed; help pls

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Using the Add/Remove programs applet delete this process in bold.SupplementPro (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{23afdfe}) (Version: - Software Publisher) <==== ATTENTION===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-02-27] ()
HKU\S-1-5-21-3205690185-1226381487-526044824-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3205690185-1226381487-526044824-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={BA7F367E-FF34-4DD2-A696-78D52072E23E}&mid=7e554bd70f4947d1b8a8cd3c4e3b7cac-c0abbc4fe6dc8ff5c2e9f541d3176252c2e5713e&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215av&... Read more

Read other 10 answers
RELEVANCY SCORE 60

Hi Folks, I had hoped that I would never need your help again after your sterling work cleaning up my system last year (*thanks* again!). But somehow something has slipped in...

I am unable to reset my IE homepage, it always defaults to: http://www.keyitaly.com/property/188881/gallery/ and occasionally when I key in a web address it goes somewhere completely different. I've run Adaware and Spybot SD and nothing is found.

I can see that you are extremely busy but any help you can give will be gratefully received. Below is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:21 PM, on 09-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RNA... Read more

A:IE browser hijacked - home page problem

Hello Countryboy,

If you still require assitance, I'd like a bit more information.

Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here, along with a new HijackThis log.

Read other 19 answers
RELEVANCY SCORE 60

hi, i am having a problem while browsing with firefox with search results being hijacked to various ad sites as well as slow page loading and was looking for some help. i will also mention that my outdated norton antivirus has recently stopped auto-protecting and i can't enable it as well as a notification in the system tray that windows automatic updates is turned off(which i want, but the notification itself is new). these symptoms all appeared at about the same time.

thanks in advance.

A:hijacked browser and slow page loading

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

Read other 4 answers
RELEVANCY SCORE 60

Hey, so new to this site (as if my username didn't explain) and well...I have a problem. See, this is a laptop i use for school, and my homepage is always "myfastwebsearch.com". I changed the homepage, but that only works until i turn my computer off. I am well aware of deepfreeze, and this was like that before they put it on (they gave me a computer with a missing program, lol), so it'll make it harder to get off unless i ask then to temporarly remove it, but if someone tells me what to do, i will do it after it is taken off. Oh and by the way i did see something about myfastwebsearch in the log. sooo...this is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:27 PM, on 5/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Vi... Read more

A:Home page is wrong, think browser is hijacked

Read other 6 answers
RELEVANCY SCORE 60

Hello, I am a first time poster and I will try to follow protocol, but I apologize if I leave something out. My web browser (both Firefox and IE) has been hijacked by the "Error Page Assistant" a.k.a. "AppsWebService". It is very intermittent, and only affects a few odd URLs. Unfortunately, most of the time one of those URLs is google.com, so it's become an annoying problem. I have noticed several other posters to this and other forums have had a similar problem, and I have tried to follow a lot of the instructions in those other posts, as well as the recommendations in the tutorial and other pinned threads, including AdAware, Spybot, McAfee Enterprise Virus Scan, and the McAfee AVERT Stinger. None of these tools affected the problem at all. In attempting to follow some of the procedures outlined in other posts, I downloaded and ran HijackThis, and I removed a single program, although I can't remember the exact name. I also deleted (with backup) miscellaneous other processes that seemed malicious. Again, none of this changed anything. After all of this cleanup, I re-ran HijackThis and the log is included below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:09:11 PM, on 12/30/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.ex... Read more

A:Error Page Assistant Hijacked My Browser

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 15 answers
RELEVANCY SCORE 60

I am trying to clean my daughter's computer. Windows XP.
I ran Symantic Antivirus - found and supposedly removed 1 virus. Ran the it twice more with no more viruses - but because the computer resources are fully used by some unknown factor - the virus check took over 10 hours.
I installed and ran Webroot SpySweeper. It found Trojan - Slob among other things. It quarentined those items and I deleted them. I ran it again and it found the Trojan again. I deleted it again. The next time I ran it, Slob didn't show up. Now the worst things showing up are: comet cursor, starware toolbar, superbar, and virus heat. I quarentined them.
The computer resources are not always fully used now. However, we have a problem with the web browser. - Internet Explorer 7.
Every time we go anythere, an error box pops up saying we have a virus and should click the button to download a virus cleaner. I need to press CTRL F4 to close the box as it does not appear in the Task Manager - Applications, nor does it appear on the task bar and I don't want to click on it anywhere. This appears sometimes two or three times before the browser will go to another page.
When we use Google to search, we come to a strange Google page. It has a big notice that the computer is infected with a virus. As well, a Utube porn picture. If you click on anything in the list of found items you get redirected to some other web site.

I ran Hijack This. Here is the Log:

Logfile of Trend Micro HijackThis v2.0.0 (B... Read more

Read other answers
RELEVANCY SCORE 59.6

My nephew has somehow altered the size of all the web pages and of course, the text on all of the internet...it means that we can't read the information on some web sites as it's just too small! AAARRR!!! Please can someone help, my newphew could I'm sure but he's gone back to Bradford where he belongs!
Jon
Thanks wonderful people as ever!
 

A:How do I change the size of my browser page?

In internet explorer, go to view, text size and change the size to something more suitable, medium is normal
 

Read other 1 answers
RELEVANCY SCORE 59.2

I can't reset the home page in IE. It reverts back to alltel.net. Thanks for the help.VernaLogfile of HijackThis v1.99.1Scan saved at 1:37:04 PM, on 6/6/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\WINNT\Explorer.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\SK9910DM.EXEC:\WINNT\GWMDMMSG.exeC:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINNT\System32\spool\drivers\w32x86\3\hpztsb07.exeC:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\inKline Global\TVolution\TVolution.exeC:\WINNT\System32\hkcmd.exeC:�... Read more

A:Hijacked Start Page

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new hijackthislog in this thread. Don't start with a new thread.
Then I'll take a look.

Read other 2 answers
RELEVANCY SCORE 59.2

My start page has been hijacked, and no matter what I do, IE 6.0 opens to a window with this in the address bar- res://C:\WINNT\System32\shdoclc.dll/navcancl.htmThis is some kind of a search page with working links, but when I try to go to a different web address, I get an access denied message. I'm actually using a Mozilla-Firefox browser to contact you from the infected computer. From the little bit of research I've done on your website, I've found some files that definetely need to be removed, but I either can't delete them,even in "safe mode", or they reinstall everytime I open an IE window. I've just run CW SHredder, AdAware, Spy-Bot, and my AVG virus protection software, cleaning up all problems that they can. I'm sending you a HJT log along with some other log files that might help you diagnose my problem. I sure hope you can help me straighten this mess out. First, here's the HJT log:Logfile of HijackThis v1.99.1Scan saved at 3:09:19 PM, on 4/27/2005Platform: Windows 2000 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exeC:\PROGRA~1... Read more

A:Start Page Hijacked

Hello UncleMike and welcome to the BC forums. After reviewing your log I see a few items that require our attention. Please proceed with the following steps in order.Step #1Navigate to c:\winnt\system32\ and search for these files (they might or might not be there):bhoassw.da0bhoassw.cfgbhoass.da0bhoass.cfgIf you find them write down the names and we will take care of them in Step #5.Step #2Download the Pocket Killbox.Unzip the contents of KillBox.zip to a convenient location and then double-click on KillBox.exe to launch the program.Step #3Highlight the lines below and press the Ctrl key and the C key at the same time to copy them to the clipboard:C:\WINNT\system32\TASKMGRU.EXEC:\WINNT\system32\MSIMN32.EXEC:\WINNT\msxmidi.exeC:\WINNT\bhoassw.dllC:\WINNT\BHOASSUI.exeC:\WINNT\explorer32dbg.exeC:\WINNT\iexplore_dbg.exeC:\WINNT\bhoass.dllNow go to the Killbox application and click on the File menu and then the Paste from Clipboard menu item. In the Full Path of File to Delete box you should see the first file. If you dropdown that box you should see the rest of them. Make sure that they are all there.Click on the Delete on Reboot option and then click on the red circle with a white 'X' in to to delete the files. Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES. If you get a "Pen... Read more

Read other 11 answers
RELEVANCY SCORE 59.2

1st post from a semi clever PC user.Every time I start IE it opens at:-http://www.microsoft.com/windows/ie/downloads/default.mspxThis is not what's set in my options for home page. I've tried running HiJack this and have removed any suspicious entries. I've run Spy Bot Search & Destroy and several other anti hijack programsI've got all the latest MS downloads. In fact I think this occured after downloading an MS update.Any ideas folks??

A:Hijacked Ie Start Page

If your browser is continually changed you are being Hijacked.Are you completely competent to write to the registry and author changes?If you are not a registry expert, then you should not be using HJT without expert assistance because even what you may consider a slight mistake can render your op system useless and unfixable without wiping your hd and reloading Windows completely!After running Adaware and Spybot from safe mode, make sure you have the latest version of Hijack This installed on your root drive, not a temp file, and follow the directions in the following links explicitly:Read the pinned post in our “HijackThis” forum, herehttp://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ Carefully read and follow all directions explicitly.Following instructions run a log, and post it in following HJT forum, at this link. Include a brief description of your computer (ie, processor, amount of RAM, brand or motherboard, etc, and the problem you are experiencing.)http://www.bleepingcomputer.com/forums/posthjtlog.htmlDo not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.Some files when in one folder may be fine while in another may be malware. A member of our HJT Team will analyze your log, make recommendations and offer assistance.It may take a period of time to get a response to the log you posted ... Read more

Read other 1 answers
RELEVANCY SCORE 59.2

Have ran Trend Micro, Ad-Aware se with VX2, Spybot S&D, and CW Shredder. spybot finds the problem fixed it but when you open IE it is still hijacked goes to (res://shdocpe.dll/blank.htm)

A:IE Start Page Hijacked

Please download HijackThis - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in y if you agree. The result.txt file will open up in Notepad. Copy the whole result.txt log and post it in the forum. We do not need the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Read other 1 answers
RELEVANCY SCORE 59.2

I try to set my homepage to www.msn.com and it keeps changing back to msnmember.msn.com. Its a strange looking webpage not the normal msn.com page I get when I load it up in Firefox. Im using Internet Explorer 8, 64 bit version. This happened about 6 months ago and it was fixed by going to Internet Options the Advanced and resetting the page to the default. That does not work anymore. I still get that strange portal page. Anyone know what I can do to get the regular msn.com back? Thanks Judy N.Logfile of Trend Micro HijackThis v2.0.3 (BETA)Scan saved at 11:31:46 AM, on 1/24/2010Platform: Unknown Windows (WinNT 6.01.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\IncrediMail\bin\IncMail.exeC:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exeC:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exeC:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files (x86)\Microsoft Works\WkCalRem.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\IncrediMail\Bin\ImApp.exeC:\Program Files (x86)\Internet Explorer\IELowutil.exeC:\Program Files (x86)\TrendMicro\HiJ... Read more

A:Hijacked Start Page ?

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 59.2

My start page in internet explorer has changed to about:blank Can't change back to anything else. Also favorites have been added that I can't delete. Ran Spybot & ad aware but didn't help. Here is log from hijackthis. Help would be greatly appreciated.

Logfile of HijackThis v1.99.0
Scan saved at 7:32:02 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\sdkbp32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\Grxp4exe.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\rundll32.exe... Read more

A:Help-start page hijacked!

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

You have an outdated version of HijackThis. Download the newest version at http://www.greyknight17.com/spy/HijackThis.exe and run it.

Before you give us a new log here, if we gave you instructions for a fix, please do the fixes first and then post the new log with this updated version.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum. You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.

Go to My Computer->Tools->Folder Options->View tab and make sure that 'Show hidden files and folders' is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you cli... Read more

Read other 10 answers
RELEVANCY SCORE 59.2

My typical start-up page has been hijacked again. I am having troublr getting rid of it. Can someone please take a look at the hyjackthis printout below and let me know what I have to get rid of.

Thanks in advance.

CJ
Logfile of HijackThis v1.96.1
Scan saved at 5:32:57 PM, on 01/17/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MEDIASCIENCE\SONIQUE\SQSTART.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\MSOFFICE\OFFICE\OSA.EXE
C:\MSOFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\XEROX\PAGIS\MONITOR.EXE
C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.windowws.cc/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Exp... Read more

A:Start-up page hijacked

Download AdAware 6 181 from here: http://www.lavasoftusa.com/
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......
Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.....
Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" ...........then........"Cleaning engine" and tick "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.
 

Read other 3 answers
RELEVANCY SCORE 59.2

My start page has been hijacked by about:blank, quicksearch and others. I have used AdAware, Spyware Blaster, but it always reverts to the hijacked start pages.

What steps do I need to take in the Registry to correct? Many thanks.

Consultant

A:Hijacked start page for IE 6

hi

run these 2 programs :

spybot search and destroy click here

scan , fix anything found ,hit immunize button at the end.

and

cwshredder click here

fix anythign found .


reboot

download hijackthis and scan and post a hjt log in this thread .

Read other 18 answers
RELEVANCY SCORE 59.2

Vundo trojan ((vista antivirus) sorted now (I think)) using advice from this sites Spyware Removal tab - thanks for that - my Explorer start page is still hijacked though and I would appreciate some help getting rid of it. I seem to get MSN as opposed to the Google that I am used to and am unable to change it. Every time I load Explorer it reverts to the MSN site. The Vundo was throwing up adverts, this now seems to have stopped after running the Trojan.Vundo removal tool.

Thank you all in anticipation.

SteveCitiheat
 hijackthis.log   12.53KB
  15 downloads

A:Start Page Still Hijacked

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

Read other 1 answers
RELEVANCY SCORE 59.2

I seem to be having some severe problems with some sort of Hijack issue in my browser.
I use Windows XP and Google is my home page.
When I open my browser, all is good besides the Google pic takes a while to load. Google comes up but when I conduct a search it either tells me to check my connection (Connection unavailable) or it directs me to various different pages. Its definitely not a problem with my connection because I am using my laptop with the same connection. I have noticed that the actual Google home page is slightly different to its usual. There is no link to sign into my google account and there is a new header in the top left hand corner called: Shopping, which when I click on it I am signed into Google as [email protected] This is not me, clearly.
I have run various anti virus/spyware/malewale software but nothing seems to get rid of it. There is a new program installed called "Windows Protection Suite" which I never installed.
Please help?

A:Hijacked browser/Fake Google Home page

Moved from HJT to a more appropriate forum. Tw

Read other 2 answers
RELEVANCY SCORE 59.2

I have been infected with malware, and I was following the instructions of the good malware removal helpers at spywareinfo forums. I had posted a Hijackthis log, and had run the common utilities they asked for - Enwido Spyware, AVG Antivirus, Ad Aware SE, Spybot, Spyware Blaster, TREND Housecall etc. and they all came up with some various infections, but obviously not the one that was causing my main problem. They recommended I try to use an automated script - fixwareout.exe, in order to solve the problem. However, probably because of Teatimer or my ZA firewall, fixwareout did not work properly. I asked about this, but then the forum closed down. If someone here could help out, analyze my Hijack This log and explain to me why Fixwareout didn't work and if there is a rootkit problem, I would be very grateful.The infection hijacks my search page in both firefox and in IE7. It also slows down my browser a lot. Logfile of HijackThis v1.99.1Scan saved at 4:26:52 PM, on 2/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AccessManage... Read more

A:A Malware Infection Has Hijacked My Browser And Search Page

Welcome to BC doh! Download\install CleanUp.Launch CleanUp,then click on 'Options'.Now move the slider on the left up to 'Standard Cleanup!'.Click 'Ok',now run the program by clicking on the 'Cleanup' button.Reboot,or log off/log on when it's finished.****************************Download DelDomains.zip and extract/unzip it to your desktop:Now right click on Deldomains.inf 'Install'.After right clicking on Deldomains.inf 'Install' it appeared nothing happened,this is normal.****************************Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply,along with a new Hijackthis log.

Read other 12 answers
RELEVANCY SCORE 59.2

When IE6 starts the webpage http://www.safyway.blogspot.com opens. This is not my default page or home page and I have no idea how this has become the default page. When attempts to change this default page are made, it returns back to www.safyway.blogspot.com It appears the hijacker has taken control over the default start page of IE. I wish to get back control to the earlier normal settings. Please assist. Also when the fix it option is clicked in Hijackthis for the 2 lines R0 and R1 there is no effect on this setting.

Here is my HJT log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:36 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo... Read more

Read other answers
RELEVANCY SCORE 58.8

I'm using Firefox engine and Startpage as browser. I've set default font to Arial, size 16 which has worked for me for many months. Suddenly, the first page of results are as I;ve set and all following pages are a smaller font. Anyone have this problem or a solution?

Read other answers
RELEVANCY SCORE 58.8

I have a home page that will not go away. Everytime I change it to yahoo or google or anything it still comes up with res://fhagj.dll/index.html#96676 this is of course accompanied by about a thousand pop ups

Also I have tried to take the two programs below off at the control panel add/remove and the computer will not let me remove them. This is the message I get everytime. And if try to take them off more than once they freeze my machine.

Home Search Assistent (this is how it is spelled in the control panel)
Unable to open “http://looking-for.cc/unistall/homesearchassistant.html

Shopping Wizard
Unable to open “http://looking-for.cc/uninstall/ShoppingWizard.html

Is there something I can do? Also I can not get EGDHTML_1030.dll off my machine in the systems 32 location. It says the file is full or protected
Thanks

Sandy
 

A:Unable to change home page for browser

Go here http://tomcoyote.com/hjt/ and get install and run Hijack this; Create a HijackThis folder in [C:] and extract the download zip file that folder; Run HJT Generate a log and post it here. There's full instructions on that website.

***

Close your internet browser, all other programs, doing the below, restart your computer and then generate your Hijack This log.

Clear your browser's Cache and key folders before you generate a HJT log:

Click the Start button; Point to Control Panel, select Internet Options; In the box that opens, click the Clear History; Delete Cookies And Delete Files buttons (tick the box next to, 'Delete all off-line content', each in turn; In the box that opens after activating each button, click the OK button. Click OK to close the Internet Options window.

Clear the contents of the c:\Windows\Cookies; Temporary Internet Files and Temp folders. In WinXP this involves a little more mouse clicking; First entering Control Panel; Opening Folder Options and click the View tab; Then scrolling to put a mark in the Radio button to select 'Show hidden files and folders'; Then click the Apply button then click the OK button. Then Open My Computer; Double-click Local Disk [C:]; Double-click Documents and Settings; Open the 'primary' user's folder, open and empty all contents but Index.dat of the Cookies folder; Back in the Documents and Settings folder; Open the Local Settings folder, where you empty the contents ... Read more

Read other 3 answers
RELEVANCY SCORE 58.8

MSN.com had been my default internet browser page. However, a website:
http://www.aconfidenceonline.com/ has hijacked it and now my browser automatically opens to this page when I double click on the Explorer icon. Also, there are several icons on the bottom right of the page, claiming that my computer is infected and I need to buy verious anti-virus and anti-spyware software. I recently installed a premium level Norton product which says my computer is secure. It also won't allow these programs to be downloaded.
 

A:Security website hijacked my default opening browser page

Read other 8 answers
RELEVANCY SCORE 58.8

Hello, and happy new year. I ran Hijackthis and hope someone can help. My Internet Explorer start page has been hijacked by something called "about:blank" that appears to be a search engine for spam (why would anyone search for spam??). I can change the homepage via the usual method but the next time I start IE it's back to "about:blank". I'm also getting a pop-up window occasionally that seems to try to find the topic of the page I'm looking at and then gives me a link to some more junk advertisements. It says something like: "searching for weather?" or "Searching for adware blocker?", etc. The third problem is a Window that pops up from time to time that calls itself the Windows security center (or something like that) that tells me that my system is infected, and ask if I want to learn how to fix it. The first time I clicked OK and it took me to some vendor trying to sell an adware blocker. I also have a similar baloon that pops up from the tray by the clock along with a red shield symbol.Finally, I have a couple of links that have added themselves to my favorites list. When I run adware removers it gets rid of them but they keep coming back. The links are for "Seven days of free porn", "search the web", "only sex website", and a folder called "Sites about".I have run through the "Preparation guide for use before posting a Hijackthis log" (scanned with ad-aware SE, spybot, ... Read more

A:"about:blank" Hijacked My Start Page And Other Pop-ups

Here's the exact text from the balloon that pops up from the tray next to the clock:

"Your computer might be at risk
*Your virus protection is bad
*Spyware activity detected

Click this balloon to fix this problem"

Read other 5 answers
RELEVANCY SCORE 58.8

I have run adaware, spybot and a few other scans and everything came up clean. I have tried changing the start page but it keeps coming up with a white page saying:

The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
The URL shows "http://www.whitehotproductions.com/237d25/index.html"

Any help is greatly appreciated
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:09:39 PM, on 1/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Chris\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whitehotproductions.com/237d25/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=6... Read more

A:Start page hijacked by whitehotproductions

Read other 16 answers
RELEVANCY SCORE 58.8

After installing emule, start page hijacked to above. In the past, Spybot has been able to protect the IE start page. I am not abel to change it away from finderg.

I have followed the first steps post and here is the main.txt log. The Panda scan and extra.txt are attached.

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-30 09:59:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-05-30 13:59:07 UTC - RP171 - Deckard's System Scanner Restore Point
4: 2008-05-30 12:50:33 UTC - RP170 - System Checkpoint
3: 2008-05-29 12:25:32 UTC - RP169 - Software Distribution Service 3.0
2: 2008-05-28 22:12:34 UTC - RP168 - System Checkpoint
1: 2008-05-27 12:26:29 UTC - RP167 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:30 AM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\sy... Read more

A:IE start page hijacked to finderg.com

Regarding eMule

We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here,
here and here.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Place a check next to the following entries if they exist (make sure you do not miss any) and click Fix Checked

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finderg.com
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

Close HijackThis now.

---------------------------------------------------------------------------------------------

Please download Malwarebytes' Anti-Malwar... Read more

Read other 5 answers
RELEVANCY SCORE 58.8

Hello out there,
I am currently running win98 with mcaffee virus scan and firewall and I'm still getting hacked into....my start page keeps going to some affilate of adult porn and redirecting to their sites...i have run spybot, cwshredder, virusscan and attempted to change some registry values affecting the start page...no luck, keeps on switching back...recently, i installed hijack this and hoping somebody out there can help me remedy this problem...this is my log file

Logfile of HijackThis v1.99.0
Scan saved at 6:36:20 PM, on 1/22/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\MSTASK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\VERIZON ONLINE\BIN\MPBTN.EXE
C:\PROGRAM FILES\3B SOFTWARE\WINDOWS CLEAN-UP PRO\WINDOWS CLEAN-UP PRO.UZY
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\JNS.EXE
C:\PROGRAM FILES\INTERNET EXPLO... Read more

A:Start and Search Page Hijacked

Get AdAware SE - http://www.majorgeeks.com/download506.html, check for updates and run

Make sure you have the latest CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html
Close all browser windows, open cwshredder.exe then click "Fix" and let
it run.

Add/remove programs – remove The Search Mall – Fast Search Web – My Bar or My Way – Side Search - if present

download http://www.mvps.org/winhelp2002/DelDomains.inf

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute then reboot your PC and post a fresh Hijack This log.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
Print this out and boot to safe mode – go slow and not all entries may be present

Fix with HJT

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explo... Read more

Read other 1 answers
RELEVANCY SCORE 58.8

Hi,

I'm on a PC running Win 7 x64
I think since installing Game booster 3.2, all my browsers start pages have been changed to
http://www.v9.com/iob/iob_1327016108_280565
I'm not 100% sure that's the reason though.

I already looked at each browser's start page options and they have not been changed, so it is happening elsewhere.
I uninstalled Game booster with Revo uninstaller.
I ran CCleaner, Malwarebytes anti-malware, and superantispyware and cleaned everything.
I don't know what else I can do.

I also check to see if any extensions were added , but I couldn't see any suspect addons.

here's a screenshot of my google chrome options:
http://dl.dropbox.com/u/426954/screenshots/ScreenHunter_02 Jan. 21 17.30.jpg

any help appreciated, in the meantime I'm going to restart the computer.
 

A:all browsers start page hijacked

Read other 14 answers
RELEVANCY SCORE 58

If I do a search with Google using Firefox, I get a list of links that my search finds.When I click on any of these search links it goes off to a different page. I've had it go to spyware sites etc......... My browser appears to be being hijacked.I have tried Combofix, Malwarebites, Spybot, Stopzilla etc and although they seem to find things and remove them, the virus does not get removed.I have attached the following logs as requested.-DDS.txt, attach.txt and ark.txt. I've also added a hijackthis log for good measure.Any help would be much appreciated.DDS (Ver_09-10-26.01) - NTFSx86 Run by Bob at 15:04:08.13 on 31/10/2009Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.44.1033.18.1789.548 [GMT 0:00]SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\Syste... Read more

A:When I click on a search link in Google, It goes to a different page. My browser appears to be hijacked.

Hi,
I'm new to this forum and am unsure if I should be doing anything else.
Will someone be looking / advising me about gthis problem or is there something else I should be doing.
Many Thanks,

Read other 5 answers
RELEVANCY SCORE 58

My home page has been hijacked to about:blank and i cannot change it back to yahoo or google. My computer is slow and i get pop ups for how to remove spyware. I have run spybot and adaware and it doesnt detect the issue. I also ran Hijackthis and the output is as follows:

Logfile of HijackThis v1.97.7
Scan saved at 11:10:51 AM, on 5/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Michae... Read more

A:IE browser hijacked, computer slow loaded with popups and home page taken over

Hi and welcome. I have moved you to the security forums for better assistance.
 

Read other 1 answers
RELEVANCY SCORE 58

This morning I found that a "Searchya" toolbar had been added to my browser window and my new start page is searchya.com

There is no "Searchya" program or application listed in the Windows "Uninstall Program" utility.

I've run a Quick Scan using Microsoft Security Essentials but it found nothing.

I know I can hide the toolbar and change the start page, but I feel like this is something I should be concerned about.

If so, what can I do to get rid of it?

Thanks in advance for your help....

A:Searchya! Toolbar; Browser Home Page Change

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next t... Read more

Read other 13 answers
RELEVANCY SCORE 58

I could really use some help with this one! After clearing out a case of trojan.startpage using Norton Antivirus 2005, I still have a problem with what appears to be a hijacked start page. I've tried removing everything with Adware SE, Spybot S&D, CWShredder, but like one of those zombies in a George Romero flick, it won't die! In fact, just now, it seemed to return and hijack my IE homepage as well. I'd be really grateful for any help!

Here's the HJT log file:

Logfile of HijackThis v1.98.2
Scan saved at 10:20:52 PM, on 1/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.com
O2 - BHO: IE Search Toolbar Helper - {2C5175A2-ADF3-4F57-AB70-BA90FD60A383} - C:\Program Files\IESearchToolbar\IESearchToolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program File... Read more

A:Start page hijacked - any help greatly appreciated!

just a quick...bump...any help really appreciated!

Read other 19 answers
RELEVANCY SCORE 58

Thanks in advance for reviewing this post.
Can someone please take a look at my log and let me know if I should remove all of the registry entries HT recommends be deleted.

Logfile of HijackThis v1.99.1
Scan saved at 4:21:40 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwli... Read more

A:Internet Explorer Start Page Hijacked...

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

Read other 7 answers
RELEVANCY SCORE 58

Here is my Hijack this log.I so appreciate your help. Thanks!Logfile of HijackThis v1.99.1Scan saved at 2:14:16 PM, on 4/9/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\NavNT\defwatch.exeC:\Program Files\Executive Software\DiskeeperLite\DKService.exeC:\Program Files\Olympus\DeviceDetector\DM1Service.exeC:\Program Files\NavNT\rtvscan.exeC:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\system32\HPZipm12.exeC:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\system32\MsgSys.EXEC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\mssearchnet.exeC:\WINDOWS\system32\nvctrl.exeC:\Program Files\Ahead\InCD\InCD.exeC:\PROGRA~1\VISION~1\ONETOU~2.EXEC:\Program Files\NavNT\vptray.exeC:\WINDOWS�... Read more

A:Start Page Hijacked With Http://www.bestsecurityguide.com/

Hello and Welcome Download SmitfraudFix (by S!Ri) to your Desktop. Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop. ===================================Please download the trial version of Ewido Anti-malware 3.5 . Install Ewido anti-malware. When installing, under Additional Options uncheck Install background guard and Install scan via context menu. When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok. The program will prompt you to update. Click the Ok button. The program will now go to the main screen.You will need to update Ewido to the latest definition files. On the left-hand side of the main screen click the Update Button. Click on Start.The update will start and a progress bar will show the updates being installed. Once finished updating, close Ewido. We will use it later.If you are having problems with the updater, you can use this link to manually update ewido. Ewido manual updates. Make sure to close Ewido before installing the update. ===================================Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press Enter This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: ... Read more

Read other 21 answers