Over 1 million tech questions and answers.

Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

Q: Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

I followed the instructions given for those experiencing "Win Min" problems. However, they are different problems, and I was upset to find that this morning everything was as screwed up as before.this http://searchweb2.com hijack reasserts itself as the starting page everytime it's changed, and sometimes crashes new windows. The instructions said something about a scanlong, and I assume that's a HijackThis scan (searching my harddrive for "scanlog" didn't turn up anything). As such, here's what HijackThis turns up.

Logfile of HijackThis v1.98.0
Scan saved at 8:12:15 AM, on 8/1/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\IBMTOOLS\APTEZBTN\APTEZBP.EXE
C:\WINDOWS\SYSTEM\PELMICED.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gpnxahidgftcecajzvd.uk/G...yJ1XpNuLyLgIpioLAahbmCs/7A7UvargUabUtzBf.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45B7-95CB-3CBB919777E1} - (no file)
O2 - BHO: (no name) - {D14641FA-445B-448E-9994-209F7AF15641} - (no file)
O2 - BHO: (no name) - {7271C372-11B4-0701-7F94-E1E516159AB5} - C:\PROGRAM FILES\BLAH README\CHIC SIXTH.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AEZBProc] c:\ibmtools\aptezbtn\aptezbp.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] PELMICED.EXE
O4 - HKLM\..\Run: [GDRIVE] C:\IBMTOOLS\IBMBOOT\GDRIVE.EXE -N
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MovieNetworks] "C:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [MoviePlace] "C:\Program Files\MoviePlace\MoviePlace.exe" /H
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Atom Comp] C:\PROGRA~1\INTERN~2\Move option about.exe
O4 - HKLM\..\Run: [locks mix find for] C:\WINDOWS\All Users\Application Data\Mpegpolllocksmix\less bat.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.6.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://www105.coolsavings.com/download/cscmv5X.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL

Any help would be greatly appreciated.

RELEVANCY SCORE 200
Preferred Solution: Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Hijacked by http://searchweb2.com/passthrough/index.html?http: //www.yahoo.com/

Read other 7 answers
RELEVANCY SCORE 184.8

Once again, the kids have got onto something. My home page keeps being redirected to http://mysearchnow.com/passthrough/index.html?http://www.google.com/. Can someone check my hijackthis log? Thanks in advance.

ogfile of HijackThis v1.97.7
Scan saved at 1:21:38 PM, on 10/07/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\PLAY ANTI SEEK\IDOLDEAD.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOWNLOAD FILES\HIJACK FILES\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.google.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F... Read more

A:hijacked by http://mysearchnow.com/passthrough/index.html?http ://www.google.com/

Read other 9 answers
RELEVANCY SCORE 148.4

my webbrowser have ben hijack by http://C15693.tdmy.com/passthrough/index.html?
i have been trying to download hijackthis but my computer does not want to download it .
 

A:http://C15693.tdmy.com/passthrough/index.html?

If you mean that you get an error message about missing dll or similar whe trying to open HIjackthis, then you need the M$ vbs runtime files from HERE

Then:

Do this:

Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED.

That ought to get rid of most of your spyware.

When you've done all that, go to http://www.tomcoyote.org/hjt/ , and download 'Hijack This!'.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

Reboot in between running spybot & Hijackthis
 

Read other 1 answers
RELEVANCY SCORE 129.6

Hi....Every few times I open FF, another window opens to: hxxp://9newstoday.net/hoj/hoj/index.html. Ive run malwarebytes and Spybot, but they don't find anything. Ive read through several threads on this forum and others and didn't want to go any further without asking for help...

A:FF 9.0.1 Hijacked to: http://9newstoday.net/hoj/hoj/index.html

Please download GooredFix from one of the locations below and save it to your DesktopDownload Mirror #1Download Mirror #2Ensure all Firefox windows are closed.To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).When prompted to run the scan, click Yes.GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).=====================================================================Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows UpdatePress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply.====================================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList l... Read more

Read other 60 answers
RELEVANCY SCORE 119.2

I have a search bar that is on my computer and I can not get rid of it. I believe that this search bar is giving me a lot of pop ups and also unwanted favorites. I have run highjack this and saved the following log. How can I get rid of this search bar and the annoying pop ups? Thank you for any help.
Logfile of HijackThis v1.99.1
Scan saved at 8:56:14 AM, on 7/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\requester.10.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EX... Read more

A:problems with http://look-today.com/passthrough/newpass2.html

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem a.s.a.p

Please be patient with me during this time.

Read other 6 answers
RELEVANCY SCORE 119.2

I can't seem to get rid of this annoying toolbar, any help would be appreicated. I've attached my log. Thanks in advance for your help.

Logfile of HijackThis v1.98.2
Scan saved at 6:09:41 PM, on 9/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Microsoft Office\Offi... Read more

Read other answers
RELEVANCY SCORE 108

I have a Dell laptop and having major performance problems with this. I keep getting this pop up hxxp://pcspeedmaximizer.s3.amazonaws.com/index.html and also you have won a Walmart card. performance is extremly slow. I have Norton on there but it seems to still have prblem. Can anyone help me with this issue?

A:http://pcspeedmaximizer.s3.amazonaws.com/index.html

Hello,Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 1 answers
RELEVANCY SCORE 106.8

I realise this problem has already come up on this forum before so having read everything posted here I have attached with this post my HJT log for the techies to help me with.

It started when my boss opened an email purportedly coming from our mail server administrator explaining he had only 24 hours or something like that to update his email details etc.

Since then IE has been opening on bootup the page mentioned in the subject line above and prompting for a network password (even when not on a network!). The laptop has been running slow for the last week or two and now the email is not working. When the first problem of the webpage opening up on bootup occurred I downloaded for him noadware which found 291 infected files which I deleted. I am sure the oemji toolbar that is now present on all IE windows is related as I remember a similar thing attacking my computer before.

Below is the attached Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:14, on 06/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\s... Read more

A:http://www.0x90-team.com/~diablo/index.html

Read other 8 answers
RELEVANCY SCORE 104

Please help - I have tried HijackThis and SpyBot-S&D and still can't get rid of this hijacked Home Page.

I have deleted backups and emptied my recycle bin and rebooted, but still get this dammed porn search page each time I open IE.

When you click on their support link you get this advice - not sure about whether this is advisable

----

You can use manual removing without downloading any software:
1) start "regedit", go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ,
delete starting of "svchost.exe" and "olehelp.exe", reboot,
delete files "svchost.exe" and "olehelp.exe" in windows directory.
Starting of files may not exists. Just skip this step.
2) reboot windows and start in Safe mode (F8 button begore starting of windows),
delete file "winlogon.exe" _in_ directory: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
The file may not exists. Just skip this step.
3) Change start page to other address.
4) Do not visit any TGP galleries before loading all patches from Microsoft Update at http://windowsupdate.microsoft.com

PS: If you have our start page after changing again then read this: Only one other reason - you corrected right but not load patches from Microsoft site and visit one of our site or TGP galleries and got files again.

Henry Bison
Security Consultant
Find4U

----

I would appreciate some help

Regards

Simon

Log file follows:

-----

Logfile of HijackThis... Read more

A:Hijacked by http://topotun.com/index.htm

Read other 14 answers
RELEVANCY SCORE 103.6

Redirects Mozilla FF 12.0 to weird webRedirects Mozilla FF 12 to weird web page, http://www.thenetbrains.com/7d6e0d/index.html page, http://www.thenetbrains.com/7d6e0d/index.html

Thank you for your help in advance!

------------------
DDS LOG:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 17:32:03 on 2012-05-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1214.462 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS&... Read more

A:Redirects Mozilla FF 12 to weird web page, http://www.thenetbrains.com/7d6e0d/index.html

Hello and Welcome to Bleeping Computer!!My name is Gringo and I'll be glad to help you with your computer problems. I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE:... Read more

Read other 12 answers
RELEVANCY SCORE 103.2

Coolweb Search problem is tearing me apart. Can't seem to set my default page. I open IE and the default address is http://213.159.117.134/index.php
Also every now and then a 'plugin installation window' pops up with the message -please wait while we prepare to install the plugin. It installs an icon called sexxx on the desktop and into c:/
I tried deleting it but it installs itself again.
Please review my HJT log and help me out.
Thankyou - Rosanna

Logfile of HijackThis v1.98.2
Scan saved at 3:26:56 AM, on 12/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCFSSVC.EXE
C:\PROGRAM FILES\USB FLASH DISK UTILITY\UFD UTILITY\UFDMON.EXE
C:\PROGRAM FILES\USB FLASH DISK UTILITY\UFD UTILITY\USBTD.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\PROGRAM FILES\WINDOWS ADCONTROL\WINADCTL.EXE
C:\PROGRAM FILES\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\WINDOWS\SYSTEM\ZIIZUD.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILE... Read more

A:Home page hijacked - http://213.159.117.134/index.php (please look at my HJT log)

Read other 7 answers
RELEVANCY SCORE 103.2

I've been reading posts from several websites about help with a homepage hijecked by http://any-find.com/index.htm. It added several favorites to my comp and somehow managed to screw up my AIM so AIM won't upen, but I wasn't sure just what to delete. I got hijack this and cwshredder, and this is my hijack this log:
Logfile of HijackThis v1.97.7
Scan saved at 4:19:24 PM, on 6/14/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\gearsec.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\wt\updater\wcmdmgr.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\winnt\dllhelp.exe
c:\winnt\msbb.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lynn\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://any-find.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

Read other answers
RELEVANCY SCORE 102

Gday
I have spent all day trying to fix this, ive tried hjt, adaware etc and it still wont go away.
I only know a tiny bit about computers so if anyone could help me out here in a langauge i could understand it would be most appreciated...

Logfile of HijackThis v1.98.2
Scan saved at 8:33:18 PM, on 5/11/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\PTUDFAPP.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\MX\VI_GRM.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKAGENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\ENTRTAIN\LGEVNTRT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE\SPAMKILLER\MSKSRVR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\LABTEC... Read more

A:win min on shutdown and http://mypoiskovik.com/index.htm has hijacked my homepage

Read other 9 answers
RELEVANCY SCORE 102

Mod Edit: Split from http://www.bleepingcomputer.com/forums/t/491401/high-cpu-usage-ntoskrnl/ - Hamluis.
I had a similar problem last week. I found that Google Earth was doing it. Long story short, I noticed it. I ran Malwarebytes and two other programs that found nothing. I then tried my Auslogic Disk Defragmentator. his usually comes up with about 100 - 200 fragmented files when I run it. It came up with like 9469 files or something and ran for almost ten minutes. It was mainly removing Google Earth files. You can see the files being processed with this defragmentator. I thought maybe my install had become corrupted so I uninstalled and re-installed  Google Earth. The first time I opened the program the same stuff started and as quick as I could shut it down (I had to completely restart the PC to stop the hard drive activity. Auslogic found 1265 (these numbers are estimated) that were corrupted and Google Earth only ran for less than 30 seconds. My PC now defrags in less than 30 seconds. I highly recommend the Auslocic Disk Defragmenter.
 
Sudsy

A:Hijacked Topic, http://www.bleepingcomputer.com/forums/index.php?

In task manager, my CPU usage, relative to running processes, hovers between 0% and 1% when idle. Does your task manager show high CPU usage at idle, and if so, what processes are causing the high CPU usage? This should not be confused with the CPU system idle percentages.

Read other 8 answers
RELEVANCY SCORE 96.4

Greetings,Using firefox, Google.com intermittently redirects to http://noaccess.verizon.net/noaccess/index.htmlas does download.microsoft.comas do some download links on the ms website.I had no idea where to start, but remembered using hijack this to indiscriminately delete things in the past.I'm using an HP Mini 1030NR netbook with a windows XP install that may not have been intended for the netbook as I bought it second hand. All I really do with this is browse the web (almost exclusively facebook, gmail, blogs, and academic sites) with Firefox, stay connected to AIM through Pidgin, run VLC to listen to mp3s that I have saved on a media card, edit openoffice documents for school, and occasionally run a game or two off a USB stick. The previous owner installed some sort of graphic stylization program that makes my program title bar's transparent, I believe it's called Shades or Blinds or something to that effect. Once in a blue moon I leave the computer unattended at work and it is possible one of my coworkers (other college students, typically less responsible than myself) has been browsing the web but I doubt anyone would maliciously harm the computer. It's a used electronics shop, nothing like an office, so no one would question why someone was poking around on it.The redirect issue started this morning, and I figured I would upload my logs and try to get it resolved. Thanks very much in advance for any help!-Jessepasted, DDS log:DDS (Ver_09-09-29.01) - FAT32x86 Run ... Read more

A:google and microsoft redirect http://noaccess.verizon.net/noaccess/index.html

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 94.4

could you guys please help me get rid of this and any other stuff.Logfile of HijackThis v1.98.2Scan saved at 16:36:30, on 25-8-2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\j2re1.4.2_04\bin\jusched.exeC:\WINDOWS\System32\RUNDLL32.EXEC:\Program Files\Messenger Plus! 3\MsgPlus.exeC:\WINDOWS\System32\ctfmon.exec:\progra~1\intern~1\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXEC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:�... Read more

A:http://searchweb2.com/

Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on ?Fix Checked?.R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yqquzypjnuwhqivbpkeyrn.biz/UBW8...Fi3YkL9XTw.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.ccabeubfbbophldzxfsdd.net/UBW8F...c3hIo2nzmpj.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = about:blankR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = KoppelingenO2 - BHO: (no name) - {49E0E0F0-5C30-11D4-945D-000000000000} - C:\WINDOWS\system32\IEHelper.dllO2 - BHO: (no name) - {69C52C40-3478-96AD-8C76-0394572F4497} - C:\PROGRA~1\WAYCLO~1\Hole move.exeO4 - HKLM\..\Run: [PEAKSAVE] C:\PROGRA~1\DRAWBE~1\Online camp.exeO4 - HKLM\..\Run: [4 way idol open] C:\Documents and Settings\All Users\Application Data\blah hope 4 way\first plus.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) *********************************************************************** You should uninstall Messenger Plus, then reinstall it without the sponsor links. It comes bundled with LOP.Reboot and pos... Read more

Read other 3 answers
RELEVANCY SCORE 94.4

I'm trying to get rid of "http://searchweb2.com/" I cant get it off of my pc. any heklp you can give would be very welcome. here is my log from hijackthis Logfile of HijackThis v1.97.7 Scan saved at 11:45:31, on 11-8-2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe c:\progra~1\intern~1\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System3... Read more

A:http://searchweb2.com/

You are using an outdated version of hijackthis. Please download the newer version.Download HijackThis from:HijackThis Download Site #1Then post a new logor HijackThis Download Site #2Then post a new log

Read other 1 answers
RELEVANCY SCORE 93.2

FOr some reason, that site always loads up when i open Internet Explorer, and it then redirects me to my homepage. For example, I have my IE to open to MSN (thats my homepage). So when I open IE it should open up to the MSN website but instead what it does is it goes to http://searchweb2.com and it then redirects me to MSN. It does this with ALL sites. I ran adaware and spyware and got rid of everything and I still have this problem. Here is a log in just in case:

Logfile of HijackThis v1.97.7
Scan saved at 11:49:53 PM, on 08/01/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr_.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\El_D0MINICAN0\My Documents\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchweb2.com/passthrough/index.html?http://www.msn.c... Read more

A:[Solved] http://searchweb2.com

Read other 10 answers
RELEVANCY SCORE 93.2

Hi. I have had this problem for many months now and have tried to remove the infection manually using instructions found on ehow, using Norton Antivirus, malwarebytes and spybot search and destroy. Nothing has been successful at removing it. I have just been using my laptop instead of my desktop because I don't want to use an infected computer. The computer is running Windows XP Professional SP3. I receive notifications from Norton that an intrusion attempt has been blocked. When I go into the log, I found that there were three high risk log entries, one for HTTP Tide Serv Request2, one for HTTP CrimePack Activity 1, and one for HTTP Nukesploit Request. As I mentioned this has been going on for months now. At the beginning it was mostly just HTTP Tide Serv Request2, the other two are new today. I'm hoping you can help me, otherwise I'm going to have to reinstall Windows, which I'd like to avoid doing. I hope I have included enough background. My scans are below and attached. Your help is greatly appreciated!

Thanks,
Mike
DDS Scan Results:

DDS (Ver_10-12-12.02) - NTFSx86
Run by PPSV at 12:53:22.68 on 01/13/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1463 [GMT -5:00]

AV: Bitdefender Antivirus *Disabled/Outdated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Bitdefender Firewal... Read more

A:HTTP Tide Serv Request2 / HTTP CrimePack Activity 1 / HTTP Nukesploit Request Problems

Hello mthess, Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.We need to disable Spybot S&D's "TeaTimer"TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.If prompted with a legal dialog, accept the warning.Click and then on "Advanced Mode"
You may be presented with a warning dialog. If so, press Click on... Read more

Read other 7 answers
RELEVANCY SCORE 84.4

Pls. check this log!

Logfile of HijackThis v1.98.2
Scan saved at 3:43:55 PM, on 9/21/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\OfficeScan NT\tmlisten.exe
D:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINNT\System32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\vmnetdhcp.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\dktime.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\dktime.exe
C:\Program Files\ipmsgr\IPMSG.exe
C:\WINNT\System32\rundll32.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet ... Read more

A:http://213.159.117.134/index.php

Read other 9 answers
RELEVANCY SCORE 84.4

I get this page coming up automatically when I start windows. http://63.246.131.130/index.htm what is it? I also get a windows window saying that it is a messenger service and that it has found spyware on my computer. Any feedback appreciated! thx!
 

A:http://63.246.131.130/index.htm-what is this? pls help!!

Read other 9 answers
RELEVANCY SCORE 84.4

Hi
I'm loking after my Uncle's laptop; every time he goes online he gets some spurious web pages come up. Used to be 'crash.html', but I deleted those files from the C Drive, and have deployed Spy bot and Adaware and Giant repeatedly , now its http://63.246.131.130/index that keeps popping up.
Any help on which files to fix from the below?? Thank you (Index.exe looks suspicious to me...??) Much appreciated, thanks. Bill

Logfile of HijackThis v1.97.7
Scan saved at 22:57:29, on 22/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\AccessDirect\DadTray.exe
C:\Program F... Read more

A:Just won't die - http://63.246.131.130/index

Read other 13 answers
RELEVANCY SCORE 83.6

anybody please help I'm going nuts here, so far i can understand i got cws and it keeps changing my home page and adding pages to my favorites. i used, spyboot search and destroy, pest patrols, norton, stinger, adn the removal tool CWshredder and nothing it just keep on showing.

I'm running on xp and disabled system restore but it just seems to stay.

also using all of those programs o got rid of things i font even know if they men to be there.

Please help i got no clue what to do

tiru

A:http://mypoisk.com/index.htm

Please do the following:Create a directory on your hardrive to save HijackThis.exe. A directory like c:\hijackthis. If you do not do this, you will not be able to use the backup/restore features.Download HijackThis from:HijackThisSave this file into the directory you made previously and then run the program. Click on the Scan button and when it is finished click on the Save Log button. A Notepad window will open with the contents of this log. Click on Edit then click on Select all. Then click on Edit and then Click on Copy.Create a reply to this post, and right click in message area and select paste to paste the log into the post.Someone will reply to you after reading this post. DO NOT fix any entries unless you understand what you are doing.To see a tutorial on using HijackThis you can click on the link below:HijackThis - Using HijackThis to Remove Spyware, Browser Hijackers, and Dialers

Read other 18 answers
RELEVANCY SCORE 83.6

Already downloaded every anti-spyware program there is. All they do is scan and fix but the problems keep coming back. What could be the problem? Here is my latest log. What I haven't tried so far is that online scan provided by HouseCall. But everytime I try to start running that HouseCall shiat the bad porn plugin (which I already deleted) comes back. This is my latest HJT log:


Logfile of HijackThis v1.98.2
Scan saved at 7:44:15 PM, on 12/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\NVSVC.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/i... Read more

A:http://213.159.117.134/index.php browser help

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

You have an outdated version of HijackThis. Click here to get the latest version of HijackThis.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CWShredder and click on 'Fix' (it will automatically fix anything it finds for you). If it asks if you want to delete a certain random file, choose No and post that filename here.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be - but double check it):

C:\WINDOWS\SYSTEM\SYSTIME.EXE

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if th... Read more

Read other 5 answers
RELEVANCY SCORE 83.6

Hello and let me first say, that so far I am new to the Techsupportforum...

but I have red >Please, Read This Before Posting A Hijackthis Log.<

And I followed the help in a closed thread, http://www.techsupportforum.com/showthread.php?t=65572 , but could not solve my problem.

I have downloaded the necessary programs described in that thread and followed this thread help step by step, but i don't have any clue, what to do when it comes to: >Then run >HijackThis< again, close any open windows and browsers and fix these:<

The >HijackThis< list published in the thread is different from my result running >HijackThis< on my computer.

Nevertheless I fixed all entries, which obviously had to do with 195.95.218.172/index (first six lines of my logfile) and proceeded with Run CleanUp! and let it clean my computer of temp files.

After that I runned >HijackThis< again in safe mode and got Explorer\Main,Default_Page_URL = about:blank.

I was happy, because it seemed to be solved, but after restarting my computer into normal mode i had the same default page 195.95.218.172/index at my IE

So I am assuming now, that after running >HijackThis< I did not fix all what needed to be fixed.

If someone would be please so helpfull and tell me, what out of my >HijackThis< list needs to be fixed this would be great.

Saludos Walter
Please excuse my english spelling: I am German living in Costa Rica, but any helpfull answer i... Read more

A:Please need help to get off of: Default_Page_URL = http://195.95.218.172/index.php

Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.

KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

CWShredder.exe Open CWShredder and click - I AGREE
Click - Check For Update
Close CWShredder after updating
hjtrun.zip
From within hjtrun.zip, double-click on hjtrun.bat


'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customed my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Restart you... Read more

Read other 8 answers
RELEVANCY SCORE 83.6

My Hijack Log

Logfile of HijackThis v1.98.2
Scan saved at 2:06:23 PM, on 12/5/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\BROWSER MOUSE\2D BROWSER MOUSE\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\WINDOWS\KDX\KHOST.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\TIBS3.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\SYSTIME.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\PALM\HOTSYNC.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FI... Read more

A:Dialler AND http://213.159.117.134/index.php

Read other 13 answers
RELEVANCY SCORE 83.6

here is my hijack log PLEASE HELP IM GOING CRAZY!!!!

Logfile of HijackThis v1.98.2
Scan saved at 7:44:43 PM, on 11/16/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\systime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\systime.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Expl... Read more

A:http://213.159.117.134/index.php & 125019.exe NEED HELP PLEASE!!!

Well, we don't want you going postal on us now, motox614, so let's get you cleaned up, shall we?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that Display the contents of System Folders' is checked. Windows XP's search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that Search system folders, Search hidden files and folders, and Search subfolders are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer. After we are finished with your log file and verified that it's clean, you may turn it ... Read more

Read other 3 answers
RELEVANCY SCORE 83.6

hello,
I am having a problem with this site I have tryed to change it and it doesnt work and ive downloaded Adware 6.0 and still nothing its still there and it very annoying so if i could get sum help it would be greatful Thanx
 

A:http://213.159.117.134/index.php help me get ride of it

Read other 8 answers
RELEVANCY SCORE 83.6

Hello Everyone!
Could one of you's take a look at my post in the Windows 95/98/Me forum
with the same name as this one.
I am at my wits end and I need all the help I can get.
Thanks!!!!
 

A:'Jacked by http://213.159.117.134/index.php

Reply here:

http://forums.techguy.org/showthread.php?t=258937
 

Read other 1 answers
RELEVANCY SCORE 83.6

Hello there,

My default home page is permanently changed to this one below. Also, a dl.html appears while surfing.

Seems that I am too hijacked by (http://213.159.117.134/index.php) aka coolwebsearch etc.

I have read about similar cases in the forum but i dont want to risk deleting possible useful stuff. I m using HijackTHis v1.97.7 , Windows Millenium edition, and Norton Personal Firewall 2002 , and below follows my logfile. Any help would be ok. thanx :->
Logfile of HijackThis v1.97.7
Scan saved at 00:53:34, on 20/7/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM32\WINTIME.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\NISSERV.EXE
C:\PROGRAM FILES\NORTON PERSONAL FIREWALL\SYMPROXYSVC.EXE
C:\PROGRAM FILES\NORTON PERSONAL F... Read more

A:Another hijack from (http://213.159.117.134/index.php)

Read other 8 answers
RELEVANCY SCORE 83.6

Hi, I'm using Win98

I can't seem to find the problem when I run HiJackThis...

I may have already deleted other useful **** but this still shows up everytime I scan.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
________________________________________________________________

This is the whole log:

Logfile of HijackThis v1.98.2
Scan saved at 9:40:01 AM, on 12/21/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:... Read more

A:http://213.159.117.134/index.php problem (Need help with log please)

Read other 6 answers
RELEVANCY SCORE 82.4

Please Help !

I am getting this problem since 3 days and its causing a pain in my a**, when ever i open internet explorer the home page resets to http://195.95.218.172/index.php and cool web search.
Hijack This log

Logfile of HijackThis v1.99.1
Scan saved at 10:13:44 PM, on 7/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\scheduler.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\Njekmn32.exe
C:\WINDOWS\msmsgrxp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\paytime.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Kumar\Desktop\wokdofoh\castlecop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R1 - HKCU\Software\Micro... Read more

A:home page changes to http://195.95.218.172/index.php

Read other 16 answers
RELEVANCY SCORE 82.4

I've been hijacked by this site: http://mypoiskovik.com/index.htm

I've tried everything; AdAware6 and SpybotS+D as well as HJT and Norton Antivirus. No matter how many times I try it keeps coming back.

When I try to uninstall it using the instructions on their page: http://mypoiskovik.com/help.htm

I'm not allowed to download it because I get an error during the download.

I could have many problems besides this as I continually get popups.

My email even seems to be affected because I've noticed certain words have been hi-lighted in bold and are now LINKED to more damned popups.

I"ve had problems like this before and was able to solve them but this time I'm stumped. Please help.

Jerry
 

A:I've got problems with http://mypoiskovik.com/index.htm

Read other 16 answers
RELEVANCY SCORE 82.4

I think I got it!!! at least on my machine.

I run on Win98 SE. I used HijackThis but was not getting very far. My IE 6.0 home page was hijacked with (http://213.159.117.134/index.php). When I used Windows xplorer, most, if not all of the icons were gone and I would get locked up trying to exit the window. Javascript would not work on any webpage that I visited (for example I could not delete my Yahoo mail from my machine). But strangely what was working was, if I went to the START...RUN...BROWSE. I could control some of the windows function like I could not do using Win Explorer. I would also use a shortcut to Yahoo that I had on my desktop rather than use the IE icon so when I went on to the internet, it would not try to go to the homepage.

So I got desperate. I'm not quite sure what did it but here is what I did. (I think this is everything)

In normal mode...
Using HJT, I took out just about everything on the list except for two or three items that I knew were good. I took out McAfee and others that you would not think to remove. I think I left taskmon.exe and my faxing program. There was also one protocol that would not come out by the name of V1MK.DLL. I also went to the config button on the lower right and changed all of the default search pages to a trusted site. I used Yahoo.

I used SpyBot-Search & Destroy, it found some items but I am not sure if this was the one that did it. It found a number of things and cleaned it up.

AdAware also cleaned a few thin... Read more

Read other answers
RELEVANCY SCORE 82.4

Hey,

By reading some of your other threads i know my comp as some problems! i dont know how to fix so i am turning to you for help! My IE Browser has been taken over by http://mypoiskovik.com/index.htm and wen i shutdown my computer it hangs on a Win Min Error! what can i do, ive tried CWShredder and that didn't touch it! below is my HIJack This log, please could you help?! i would be forever grateful!

Logfile of HijackThis v1.97.7
Scan saved at 09:56:27, on 01/06/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\CVCHOST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\IOMEGA\TOOLS\IMGICON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mypoiskovik.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://mypoiskovik.com/index.htm
R0 - HKCU\Software\Microsoft\Intern... Read more

A:[SOLVED] http://mypoiskovik.com/index.htm and Win Min

Read other 11 answers
RELEVANCY SCORE 81.6

Hi,

My problem is that whenever I try to open internet explorer it directs me to the website http://195.95.218.172/index. I tried to fix the file but it keeps coming back so there must be something else that I don't get.

Also does anyone know how to keep the language bar toolbar from showing up, every time I start up windows it is there and i have to keep unchecking it manually.

If anyone could help me that would be great, thanks.

Chris
Logfile of HijackThis v1.97.7
Scan saved at 9:39:36 AM, on 9/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
... Read more

A:Solved: Home Page set to http://195.95.218.172/index

Read other 11 answers
RELEVANCY SCORE 81.6

Hi Iv seen a post like this before on this forum here http://forums.techguy.org/showthread.php?t=252173

But I cant seem to get it to go away like the other guy did.

Let me give you a little background as to how I got this. I was on a site and a java type app poped up and started downloading files I dident catch it in time. Next thing I know I have 5 viruses and 294 ad programs and 12 reg entrys. The first thing I did was Run Norton 2003 it took care of the Viruses. Next I used Ad aware 6.0 plus, build 162 and also used Spybot - Search & Destroy and HijackThis. After all that mess the programs took away almost all the stuff. So next I went into safe mode and did it all again.

after that I shut down and started up again. I went on my web browser and it points to http://213.159.117.134/index.php. So i try and change it in the IE tools. But it wont let me. Next I tryed looking at the reg entrys and it put http://213.159.117.134/index.php in again as my home page and stuff. I tryed everything to fix this and I still get popups when I go on the web. So I guess I still have Ad problems?

Well heres some info that will help you help me.

My OS: Win 98SE

Logfile of HijackThis v1.98.2
Scan saved at 4:54:48 PM, on 10/17/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON F... Read more

A:Home page stuck on http://213.159.117.134/index.php

Read other 11 answers
RELEVANCY SCORE 81.2

Have A Lot Of Little Blue Pop-up Screens Saying Something About: No Html Was Present In The Http. Server Response, Http Status 12004, Status Text Unknown.
I Don't Understant What The Problem Is. Also Have Internet Explorer Error Msgs That Give Option For Diagnosing Connect Problems Which I Usually Allow It To Do And It Usually Restores The Connection But Sometimes There Isn't A Connection Problem Found And In Those Cases I Just Start My Search Over But I Find I Am No Longer Logged Into Yahoo Home Page.
I Use A Broadband Modem, My Computer Is Custom Made. Running On Windows Xp Sp2

Thanks, Evonne
 

A:No Html In The Http

Welcome to TSG....

To download HJTsetup.exe from SpyKiller To Download HijackThis go to the following at the File Repository
Click on the link below to Download HijackThis Self Installer:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Save the file to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\HijackThis.
Continue to click Next in the setup dialog boxes until you get to the Select Additional Tasks dialog.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialog box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
At the top of the Notepad HJT log screen, hit Edit then Select All then click Edit and then click Copy doing that copies the text to the clipboard, you won't see it yet....
Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
A security expert with a gold shield to the right of their name should take a look at your log - please be patient.

 

Read other 1 answers
RELEVANCY SCORE 80.8

hai, sorry I don't know if you have been asked this 100 times, but here goes.....

recently when I have been trying to check my email (hotmail), i get diverted to this search engine site with this url: http://296f8.ilxt.info/index.php?aid=632

I have never been to that site before. It is veeery annoying as it prevents me from checking my email. I have tried deleting the url from my history and deleting strange looking programs on my puter. I have also scanned my computer with nortons internet security program AND ad-aware virus scanner. These programs detected and deleted suspicious files but it STILL hasnt gotten rid of this....thing.....

haha sorry....im such a dits...but please help ^_^

ps: i use windows 98 and internet explorer
 

A:http://296f8.ilxt.info /index.php?aid=632....hijacking?

Read other 16 answers
RELEVANCY SCORE 80.8

Hi people, I new and probably this problem is old but I could not find the solution in the answers.

Yesterday I was surfing internet suddenly my anti virus catched 3 VIRUSES It automatically detected them but said file access denied. After this my home page in INTERNET EXPLORER was set to http://213.159.117.134/index.php . I tried to set it back to blank but it again changes itself to http://213.159.117.134/index.php within seconds.
Can anyone tell me how to remove this one.
I have tried using adaware & HIJACK THIS.EXE to remove this virus.


Thanks to all who will devote their time in Advance

A:Internet Explorer Home page http://213.159.117.134/index.php

Please download HijackThis. Create a folder at C:\HJT and move HijackThis.exe there. Run a scan and save the log file. Post the whole log file here. Do not fix anything since most of them listed there are harmless (some are system required). This program will help us determine if there is any spyware/malware on your computer.

Read other 2 answers
RELEVANCY SCORE 80

Hi All,

It's the first time I post here, feel happy to join this site.

It seems all computers through our network are infected by an unknown trojan or malware.

Two weeks ago, when we opened some sites on the web then we got a blank page and was
redirected to the following site.
"http://kiddy.online.sh.cn/upimages/test/index.htm"

It seems my browser is hijacked. Isn't it ?
The next tag is inserted at the top first line of the redirected html page.
<iframe src='http://kiddy.online.sh.cn/upimages/test/index.htm' width=0 height=0</iframe>

I was unable to remove the browser hijacker till now.
Either latest version of Avast , Nod32, Lavasoft Ad-aware , SpyBot SD or Malwarebytes' Anti-Malware cannot find or remove it.
Either I use Firefox or IE I get the same result.

Today I just see that html page are redrected to "http://www.sxblgg.com/inc/he1p.htm".
The next tag is inserted at the top first line of the redirected html page.
<iframe src='http://www.sxblgg.com/inc/he1p.htm' width=1 height=1</iframe>
It seems "http://www.sxblgg.com/inc/he1p.htm" contains javascript program.So first thing I did was to disable any javascript downlooad.

I am not sure but I've heard some Mac machines have been also infected.

Kindly please advice how to remove this...

Thanks in advance and Regards.

Info about my computer:
-running OS Windows XP
-Browser Mozilla Firefox / IE
-Nod32 Anti-virus.
-Ad-aware
-Spybo... Read more

A:Always Get Redirected To Http://kiddy.online.sh.cn/upimages/test/index.htm

It seems all computers through our network are infecteddo you know how to clean a network?who's the system administrator?

Read other 4 answers
RELEVANCY SCORE 79.6

I don't know if they are linked but I have noticed two problems since downloading IE 7. #1 - I can't view all sites and after investigating the properties of these pages, I found that they are HTML documents with Hyper Text Transfer Protocols. Not Encrypted and the address will end in .html or .htm

How do I fix this so I can view the pages?

#2 - All of my files in Accessories/Entertainment are gone. It says that it is empty. I was wondering if there was a program that was missing that allowed viewing of HTML.

Thanks for any help you can give me!

Read other answers
RELEVANCY SCORE 79.6

Does anyone know what the link below means :-

http://www.h4ck3rz.freehomepage.com/pwn.html

This link continuously loads onto my pc along with a flash of a black screen (lookslike ms dos) and then a grey box loads on top of that saying something like macromedia flash - do i want to download ???

This is taking over my pc and driving me mad - i have done all my updates and virus checks etc

please help !!
 

A:http://www.h4ck3rz.freehomepage.com/pwn.html

I have the same problem. Please anyone help!!!
 

Read other 3 answers
RELEVANCY SCORE 79.6

I just downloaded CCleaner and now I am seeing the above message all the time. How do I get rid of this. Seems the all these so called fix it programs just make my problem worse.

A:http://fastcontent.conduit.com/ti.html?

  
Quote: Originally Posted by Barnum


...now I am seeing the above message all the time.....


Seeing it where? As a homepage?

Seeing it how? Inside you browser?

Post a screenshot if words won't do:
Screenshots and Files - Upload and Post in Seven Forums

Read other 5 answers
RELEVANCY SCORE 79.6

i keep getting loads of pop ups from hxxp://67.201.36.16/nolink.html i think , well its comming from somwereLogfile of Trend Micro HijackThis v2.0.2Scan saved at 22:54:46, on 30/10/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\Common Files\Real\Update_OB\realsc... Read more

A:popups http://67.201.36.16/nolink.html

my olt scan is OTL by OldTimer - Version 3.1.1.4 Folder = C:\Documents and Settings\Administrator\DesktopWindows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 69.52% Memory free3.84 Gb Paging File | 3.41 Gb Available in Paging File | 88.62% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 465.75 Gb Total Space | 448.89 Gb Free Space | 96.38% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loaded Computer Name: DAZ-153E40FDAB4Current User Name: AdministratorLogged in as Administrator. Current Boot Mode: NormalScan Mode: All usersCompany Name Whitelist: OnSkip Microsoft Files: OnFile Age = 14 DaysOutput = StandardQuick Scan ========== Processes (SafeList) ========== PRC - [2009/10/30 22:28:29 | 00,526,336 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exePRC - [2009/10/29 02:26:58 | 00,908,280 | ---- | M] (Mozilla Corporat... Read more

Read other 5 answers
RELEVANCY SCORE 79.6

Back again! Shouldn't have switch to the new symanetc security program available from my school...now i've managed to pick up a ton of CRAP! Here's my log:Logfile of HijackThis v1.98.2Scan saved at 8:21:04 PM, on 9/22/2004Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\ibmpmsvc.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\TGTSoft\StyleXP\StyleXPService.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exeC:\Program Files\... Read more

A:http://69.20.56.3/yyy10.html problems...

Now please Download LSPFix from:LSP-FixDisconnect from the Internet and close all Internet Explorer Windows. Run then program and check the "I know what I'm doing" Button and place all listings of :\windows\system32\calsp.dll/b] into the remove section by clicking on the button that points to the right. When all instances of this dll are in the Remove section. Press the finish button.Then Reboot.To see a tutorial on how to use this program click the link below:Using LSP-Fix to remove LSP Spyware & HijackersWhen you are done post a new log Then I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonO3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)O4 - HKLM\..\Run: [tdlzkjnuphayh] C:\WINDOWS\system32\srjtgrcq.exeO4 - HKLM\..\Run: [saie] c:\windows\system32\saie.exeO4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXEO16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50188/QDow_AS2.cabO16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CABReboot your computer into Safe Mode[b]Then delete t... Read more

Read other 8 answers