Over 1 million tech questions and answers.

IE6 Browser Hijacked - Default page to unwanted site

Q: IE6 Browser Hijacked - Default page to unwanted site

When IE6 starts the webpage http://www.safyway.blogspot.com opens. This is not my default page or home page and I have no idea how this has become the default page. When attempts to change this default page are made, it returns back to www.safyway.blogspot.com It appears the hijacker has taken control over the default start page of IE. I wish to get back control to the earlier normal settings. Please assist. Also when the fix it option is clicked in Hijackthis for the 2 lines R0 and R1 there is no effect on this setting.

Here is my HJT log file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:36 PM, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\abcd\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.safyway.blogspot.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = www.safyway.blogspot.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.1.1:3128
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{193422A2-834A-4C0D-9991-250D225B7EE9}: NameServer = 203.94.227.70,203.94.243.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{193422A2-834A-4C0D-9991-250D225B7EE9}: NameServer = 203.94.227.70,203.94.243.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 8758 bytes

Read other answers
RELEVANCY SCORE 200
Preferred Solution: IE6 Browser Hijacked - Default page to unwanted site

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

RELEVANCY SCORE 80.8

MSN.com had been my default internet browser page. However, a website:
http://www.aconfidenceonline.com/ has hijacked it and now my browser automatically opens to this page when I double click on the Explorer icon. Also, there are several icons on the bottom right of the page, claiming that my computer is infected and I need to buy verious anti-virus and anti-spyware software. I recently installed a premium level Norton product which says my computer is secure. It also won't allow these programs to be downloaded.
 

A:Security website hijacked my default opening browser page

Read other 8 answers
RELEVANCY SCORE 68.4

I am posting my Hijack this log below.

I have used Hijack this and attempted to fix the first references to http://213.159.117.132/index.php. Each time I fix it, it reoccurs. This directs me to a Cool Web Search site and I can't change it.

Periodically, my IE launches two pages, windows\dl.html and one that says connector object.

My system is extremely slow.

I have run Adware 6.0, Spybot Search and Destroy, CWSshredder, NoAdware and my Symantic Antivirus. Nothing is found.

Help me......you're my only hope.

Thanks.

Logfile of HijackThis v1.97.7
Scan saved at 3:25:00 PM, on 6/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Progra... Read more

A:Hijacked default page/dl.html page popup

go here http://www.computercops.biz/downloads-cat-14.html and download
CoolWWWSearch.SmartKiller (v1-v2) MiniRemoval
 

Read other 1 answers
RELEVANCY SCORE 67.6

Hi, I'm new here. I need help badly. I have few problems which had been bugging me for some time.

Whenever I tried to search for something using yahoo, another search page "searchportal" will pop-up. And while I am surfing the net, a pop-up will appear once a while featuring different products ranging from porn to adware removal, with the title "only the best".
As if not enough, somtimes when I just started to surf the net, a plug-in called "websiteviewer" will automatic install.

I tried scanning with Spybot S&D, AdAware, CWShredder,
each time I fixed the problems found, and when I reboot the PC again, the same problems came back again. Pls help me... thnks a million.....

Attached is the log file of HJT.
 

Read other answers
RELEVANCY SCORE 66.4

hey, i got the same exact problem as the first guy here. i just got hijackthis and now im going to post my results.

Logfile of HijackThis v1.97.6
Scan saved at 7:24:15 PM, on 1/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Danny Baker\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://tooncomics.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://tooncomics.com/main/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://tooncomics.com/main/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:browser hijacked and unwanted popups

Click on the link below to download CWShredder. Close all browser windows,UnZip the file, click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do it's thing.

http://www.merijn.org/files/cwshredder.zip

When it is finished restart your computer.

To help prevent this from happening again, I strongly recommend you install the folowing patches for the vulnerabilities that this hijacker exploits:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-075.asp

*Note: The simplest way to make sure you have all the security patches is to go to Windows update and install all "Critical Updates"

Go here http://www.lavasoftusa.com/support/download/ and download
Adaware 6 Build 181

Install the program and launch it.

First in the main window look in the bottom right corner and click on "Check for updates now" and download the latest referencefiles.

Make sure the following settings are made and on -------"ON=GREEN"

From main window :Click "Start" then " Activate in-depth scan (recommended)"

Click "Use custom scanning options" then click "Customize" and have these options selected: Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all... Read more

Read other 3 answers
RELEVANCY SCORE 66.4

I've got a virus of some kind on my system which neither Norton Antivirus can find nor will Spybot Search and Destroy identify as a problem. It generates unwanted popups, often to adult sites and also changes my browser home page address to res://mshp.dll/index.html#22776

I am running Windows 2000 Professional
Norton Antivirus 7.6

need help how to find and fix.

Thanks
 

A:browser hijacked and unwanted popups

Read other 6 answers
RELEVANCY SCORE 66.4

I really need help.. I'm quite illiterate when it comes to computers. Everytime i switch on the computer and log in to Internet Explorer, my start page would lead to wwwcoolsearch.. i tried changing the default url.. but everytime i restart the computer, it would just be the same as before.. Please help me..
 

A:Stuck with this site as default page http://%77%77%77%2e%63%6f%6f%6c%77%77%77%73%65%6

Read other 7 answers
RELEVANCY SCORE 66

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:15:45 PM, on 9/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\ntvdm.exeC:\windows\system\hpsysdrv.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\WINDOWS\system32\ps2.exeC:\Program Files\ScanSoft\TextBridgePro11.0\opware32.exeC:\PROGRA~1\Grisoft\AVG7\avgcc.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Fichiers communs\Real\Update_OB\realsched.exeC:\PROGRA~1\Grisoft\AVG7\avgamsvr.exeC:\PROGRA~1\Grisoft\AVG7\avgupsvc.exeC:\PROGRA~1\Grisoft\AVG7\avgemc.exeC:\OPLIMIT\ocrawr32.exeC:\Program Files\Fichiers communs\Portrait Displays\Sh... Read more

A:Hijacked Browser Taking Me To Unwanted Porn

Welcome to the BleepingComputer HijackThis Logs and Analysis forum jpcvb My name is Richie and i'll be helping you to fix your problems.Please download FixWareout:http://downloads.subratam.org/Fixwareout.exehttp://www.bleepingcomputer.com/files/lonny/Fixwareout.exe Save it to your desktop and run it. Click Next,then Install,then make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load,this is normal.When your system reboots,follow the prompts. Afterwards, HijackThis will launch,if it doesn't,launch it manually. Please click Scan, and checkmark the following items:R3 - Default URLSearchHook is missingO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{0CC660EF-3CBD-4888-BC06-16FE734950E5}: NameServer = 85.255.116.131,85.255.112.89O17 - HKLM\System\CCS\Services\Tcpip\..\... Read more

Read other 1 answers
RELEVANCY SCORE 65.2

Hi Guys

Thanks in advance for any help provided

My browser was hijacked recently and while it doesn't seem as malicious as other browser hijacks I've read about, it is bothering the heck out of me

Every time I boot up my computer and open firefox, another page will open up that brings me to 'topdownloads.net' - I have done a search and can confirm they're evil

I can close this page and surf freely without any other problems - if I turn off the computer and turn it on later during the day, the browser hijack does not happen again

However, if I go to bed and turn on the computer the next day, the browser hijack will occur once more - but as stated earlier, I am able to surf freely without any other disruptions for the rest of the day

In short, this problem seems to be happening every time I turn on the computer each separate day

Below are the required logs (DDS/Attach/GMER)

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by FuglySC at 12:16:42.67 on 05/15/2011 Sun
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Ultimate 6.1.7601.1.936.86.1033.18.2046.1145 [GMT 8:00]
.
AV: Kaspersky Internet Security *Enabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
... Read more

A:Browser Hijacked - Firefox Always Opening with Unwanted Website

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will ap... Read more

Read other 14 answers
RELEVANCY SCORE 64.8

Hi! My internet explorer is being hijacked by a site named 114. I had attached the screenshot which I will come into whenever I open up internet explorer. Some xtra shortcut of various browser that will lead me to the site will show up no matter how many times I deleted it. The HJT log is as follows. I will appreciate any advice into removing this trojan horse or virus. Thank you.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 2:16:26 PM, on 8/9/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\taskeng.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\system32\igfxsrvc.exeC:\Windows\RtHDVCpl.exeC:\Program Files\GridService\peer.exeC:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exeC:\Program Files\SingTel\McciTrayApp.exeC:\Program Files\FlashGet\flashget.exeC:\Program Files\AVG\AVG9\avgtray.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Fil... Read more

A:Browser hijacked by the site "114"

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger: Please download DeFogger to your desktop.Double click DeFogger to run the tool. The ap... Read more

Read other 10 answers
RELEVANCY SCORE 64.8

When starting IE v. 6 I no longer go to Yahoo.com. I get some other strange search engine. I can't reset the web page in internet options either. I've heard about this hijacking stuff but now I think I am experiencing it. Any suggestions would be greatly appreciated.

PS Since this problem started I am also getting hammered with pop-ups.

Thanks,

Maddog
 

Read other answers
RELEVANCY SCORE 64

===============================================

Sysinfo:
Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 2
Processor Count: 4
RAM: 6006 Mb
Graphics Card: NVIDIA GeForce 310M, 512 Mb
Hard Drives: C: 232 GB (35 GB Free); D: 221 GB (31 GB Free);
Motherboard: Acer, Aspire 4740
Antivirus: Microsoft Security Essentials, Enabled and Updated

===============================================
Once every month or so, my browser(s) (Chrome and IE) would open up an ad-filled page called "th.hao123.com". The default start page for both of them are set to "new tabs page" on launch.

I searched for "hao" in the registry and found suspicious entries in the following folders: "HKEY_CURRENT_USER\Software\Microsoft\Interent Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DHP" under the "DoNotAskAgain" key's value as saying: "th.hao123.com". And also in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN" under the "Start Page" key's value as saying: "http://th.hao123.com/?tn=sdks_inner_hp_09_hao123_th&guid=bfc7f3cf757f1eea017a41a569e2d927". And once again, in the folder: "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN" under t... Read more

Read other answers
RELEVANCY SCORE 64

Hello -

I seem to have picked up spyware/viruses and was hoping for some help... I followed you directions for posting the Hijack.log. When I ran the online scan - it found the following:
TROJ PUPER.M CanNotAccess C:\WINNT\system32\intmonp.exe
TROJ CODERED.C Non Cleanable C:\WINNT\Temp\DWH967C.tmp
TROJ CODERED.C NOn Cleanable C:\WINNT\Temp\DWH9835.tmp
TROJ CODERED.C Non Cleanable C:\WINNT\Temp\DWH9871.tmp
TROJ CODERED.C Non Cleanable C:\explorer.exe

When I open my explorer, it defaults to updatesearches.com... and I get popups stating my computer has spyware, download this and that..

Here is my hijack.log, any help to rid of this is greatly appreciated!!

Logfile of HijackThis v1.99.1
Scan saved at 10:13:53 PM, on 6/6/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\acs.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cba\pds.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\W... Read more

A:Default page Hijacked - Hijack.log included

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!


Download this file: http://www.bleepingcomputer.com/files/reg/smitfraud.reg ? Don?t run it yet



Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.


Go to My Computer->Tools/View->Folder Options->View tab
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button


Press CTRL ALT DELETE to open Windows Task Manger. Click on the Processes tab and end the processes that were identified as related and any of the processes named in the list a bit further down.

C:\WINDOWS\System32\shnlog.exe
C:\WINNT\popuper.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\msole32.exe


Doubleclick smitfraud.reg and confirm you want to merge it with the registry.


Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Copy all the files in the code box (below) at the same time by right clicking (hold down) just before the first file and drag mouse down to highlight them all. Then left click the highlighted files and select... Read more

Read other 19 answers
RELEVANCY SCORE 64

My IE has been taken over, below is the logfile. Can you please help me with this matter.

Thanks,

Phi

Logfile of HijackThis v1.97.7
Scan saved at 10:41:26 PM, on 4/22/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.50 (5.50.4134.0600)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\SYSTEM\FPAPLI.EXE
C:\WINDOWS\IRXFER.EXE
C:\WINDOWS\SYSTEM\HKEYMAN.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS XTREME G\AIRPLUSCFG.EXE
C:\PROGRAM FILES\ALPHA NETWORKS\ANIWZCS SERVICE\WZCSLDR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\NEW DELETE EQ\REAL CHIN.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\DISKSERV.EXE
C:\WINDOWS\WININET32.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 4.0 SE\CALCHECK.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES... Read more

A:Internet Explorer default page hijacked

Download CWShredder:
http://www.spywareinfo.com/~merijn/files/cwshredder.zip
Unzip, run and hit the ->fix tab to fix all found problems

CWShredder takes advantage of seurity holes in windows so you should install all critical as well as hotfixes available from windows update.
Then repost a fresh Hijack this log .

Download 'Hijack This!'. http://www.tomcoyote.org/hjt/ and save it to a folder on your desktop.
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
 

Read other 1 answers
RELEVANCY SCORE 63.2

http://www.bleepingcomputer.com/forums/ind...hl=Search-DailyI have posted the above problem a week ago but haven't recieved any reply yet. Please help me out on the above problemThanks_ketan.

A:Browser Hijacked By Search-daily...site

Please be patient. More than 50 new logs are being posted here everyday and we don't have enough helpers to deal with them all in once. In case you have not received help in 5 days, please post a message in this thread:Haven't Had A Reply In Five Days?

Read other 1 answers
RELEVANCY SCORE 63.2

I am a newbie to this post.It seems my browser has been hijacked by the "Search-Daily" site. Whenever i search in google and if i click on any result link, it redirects me to the "Search-Daily..." site. I don't know what to do. Please help me out.I have hijackthis software installed on my computer. Please refer to the below mentioned log generated by hijackthis softwareLogfile of Trend Micro HijackThis v2.0.2Scan saved at 7:02:02 PM, on 12/6/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:&#... Read more

A:Browser Hijacked By "search-daily..." Site

Hi Ketan SoniDownload SmitfraudFix (by S!Ri) to your Desktop.http://siri.urz.free.fr/Fix/SmitfraudFix.exeDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press EnterThis program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.IMPORTANT: Do NOT run any other options until you are asked to do so!**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Read other 2 answers
RELEVANCY SCORE 62

I upgraded Firefox to v.3.03. Firefox is a nice browser, but it is not my prefered browser, but I like to keep it to take a look at it's ad-ons. I realize that many of you will not understand, but I prefer IE (I'm using v.8 beta 2 at present).

So imagine my shock when everytime I opened IE, I got an error message telling me it was not the default browser and asking if I would like to make it so, Clicking on yes, I figured that was all I had to do. It wasn't. Firefox would not give up the default designation, no matter what I did.

I clicked on the Default Programs tab.There, I set IE as the default browser. There, I set IE as the default for virtuallly all internet extensions. None of this worked, Firefox wouldn't let go. A minor problem, but a pain in the bottom!

I open Firefox and go to Tools > Options > Advanced and find that Firefox is the default browser, but there appears no way to reverse this.

The only option, it appears, is to remove Firefox from the computer. Is there a better way? Perhaps there is a registry edit?
 

A:Firefox Has Hijacked Default Browser Designation

Read other 13 answers
RELEVANCY SCORE 62

First of all thanks so much for taking some time to look at this problem. Basically whichever browser i have set to default (tried waterfox, IE, and Chrome) it will open to the following website or once the browser is already open it will continually keep opening new tabs to this site every minute or so. There webpage shows blank on my browsers.
 
(http://bidr.trellian.com/r2.php?e=YPEC5m4ENXkTeshL2U8CDR5Ppei5pEbu9JX8Yfr6%2B0dG3oIvAHJHFZBj8MnIy9Nl9MJBIU1XUyZxMU2loRbf3BdoGamx9zLfCotKwkrYu3y8MpaDZSP6ESHIU1DPS37aapQJl8EpFC1byegR%2FGRdFviRUaYOeXSLd%2FsmBU49ENwrC6DoxcvUlJwRzbs%2FUzmkvEZ2XSCLyhDt9W5VBIlL1qYj1a8ej0%2B8J69BOIIDthtuQrPDG%2FEqR5Kz4u6PE5qFukW5FmHtC1SL%2FbWP2zY%2BTlErut%2BvWqeYViFw0ivmGXOxA%2BTRiPihQH6JJs23X45tii4PLduqQJR5lZ6Jm7HIH44y6gfDgaOc7MK2tTVHQNnLKFiL9IQsuEfh%2FkSAPZlK9idh2SZgoh0DgcjtnY0vcTiGp8xO1dW876EUVwszZh50PMvIgL%2BkdRfgwkpQs4sjF%2Bm7p6P%2FroQwoVA9XCq7QkKUziv3drzBkf%2BFmCbP7zd%2Bi75DFdDBfAzvPdBwMz4Hwet4CX2cIJQo6dHB%2FOXhe4qZCAD46t6zPAPswC%2BbwSh%2B3vBrUZZzhM4m4KvcKwHCItvKPVhe65HtZvVK7mR6DIDYRKZFWUAb) or once the browser is already open it will continually keep opening new tabs to this site every minute or so. There webpage shows blank on my browsers.
 
Holy crap for the first time after about a couple weeks of this all of a sudden while typing this post my broswer just opened about 8 tabs at once. First was Searchnet.com and all the rest were salestores.com. It is still doing the bidr.trellian website every minute or so.
 
DDS (Ver_2012-11-20.0... Read more

A:Default browser hijacked, opening new tabs on its own!

Hi Crank4 and welcome to BC.Please take note of the following:1. Please do not run any other tools unless instructed.2. Please don't install or uninstall anything unless asked.3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.5. Please reply to this thread. Do not start a new topic.Step 1Please uninstall the following program:Bywifi Adware - Changes the start page without your consent. Known to cause pop-up advertisementsStep 2For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.Double-click the downloaded icon to run the tool.When the tool opens click Yes to disclaimer.Make sure that Addition.txt is selected at the bottomPress Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.Please post both FRST reports with your next reply.Thanks

Read other 14 answers
RELEVANCY SCORE 62

I use the Maxthon browser which uses IE as the "underlying" browser to maintain compatibility with all web pages designed for IE. I use Maxthon because it adds features I cannot get from IE. My problem started about 4 weeks ago. Each time I start Maxthon I have to reset it as the default browser. Maxthon asks if I want to start it as the default browser because I have configured it to check for this condition.

I realize this is a minor inconvenience and it not a major malware issue, so if your time is better spend on more pressing issues, I will certainly understand. After all, we are all asking for volunteer support and more pressing problems should, understandably, be address before minor annoyances.

Having said that, I have not asked for help without doing a lot of work first. I have only see this problem one time before in my 26 years of working with PCs, so I am a neophyte when it come to repairing issues like this. I have spent over 20 hours already and am not much further along in addressing the issue. Please allow me to compliment you on designing and describing the 5 step process. It is a "well thought out", enlightening and educational process. This is the first time I have come to this forum and I am impressed whit what you have done here.

Sorry for the long intro but I wanted to say I understand if you do not get to this annoyance right away. I can certainly live with it for a while longer.

If you decide to address the pr... Read more

A:Default Browser Hijacked and error with pngfilt.dll

Bump, please

Read other 5 answers
RELEVANCY SCORE 62

This morning I turned the computer on and it took a while to boot up. Yesterday I ran Windows Defender and Malwarebytes due to slow start up and cursor circling indicating a program was running in the background. Windows Defender found some suspicious items, I chose the option to send to Microsoft.
 
When I opened Firefox this morning, it should have been our email homepage (web based) but instead it opened to a random site asking for login and password. The web address did not contain any correct information. I attempted to go to the email provider website and was redirected to another site. Eventually I was able to use the history to access email, having issues with not being able to send email, opening new tabs for other searches results in very slow search.  Every now and then the screen and items open in the tray will flash to white and then reappear (almost in a wave pattern).
 
Operating System
Windows 8.1
AMD A4-5300 APU with Radeon ™ HD Graphics 3.40 GHZ
Installed RAM 6.00 GB
64 bit
 
Please advise what I should do. Thank you.

A:Possible hijacked browser, homepage/email opened to random site

Hello, I suggest you run these next.In FireFox it may be the Add ons/Plugins.Try disabling them one at a time and see which one was at fault.How to disable extensions and pluginsKeeping your third-party plugins up to dateIf it is your homepage...Click the Firefox button at the top left corner of the page and choose Options.In the Home Page URL box, enter the homepage you want to use instead of SweetPacks and then click OK.MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.TDSSKillerDownload TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is required, click on Report. A log file sho... Read more

Read other 1 answers
RELEVANCY SCORE 61.6

Hi,

The browser on my internet explorer keeps changing. After reading some posts in here, I have run Hijackthis and results are posted below. Could someone please help me sort my computer?

Thanks
T.
Logfile of HijackThis v1.99.0
Scan saved at 22:52:01, on 13/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\carpserv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Progra~1\Support.com\bin\tgcmd.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\Microsoft AntiSpyware\... Read more

A:Default page on browser keeps changing

Read other 6 answers
RELEVANCY SCORE 61.6

Hi, I'm running Windows 8.1 and think I have run into the same issue this person has, though I'm finding some of the processes he has gone through to fix it quite difficult to understand.

http://forums.techguy.org/archive-windows-95-98-me/60065-need-help-removing-default-home.html

Though, I'm not sure how I can solve this issue under my circumstances- any help would be appreciated. I am quite a novice when it comes to issues like this but I should be capable of fixing it under instruction.

My Anti-Virus has picked up a program which has removed the default page in question from my Chrome. However, when I open Internet Explorer, that page- "http://www.istartsurf.com/?type=sc&...t&uid=ST1000DM003-1CH162_Z1D7ES0BXXXXZ1D7ES0B" opens and I have done everything I can to remove it. I've went into the Internet settings and removed it from default pages, etc and changed my homepage, but the page still persists. I believe I have also removed any relevant suspect programs from 'add or remove programs' but the problem page still persists.

Again, the antivirus seems to have removed all trace of 'iStartSurf' from my Google Chrome. I do not use Internet Explorer but these kinds of issues make me quite paranoid- any help would be greatly appreciated. Just whatever I do, Internet Explorer opens with that iStartSurf page.

Update: I've put the iStartSurf page on the blocked site list for Internet Explorer which causes it to loa... Read more

A:Forced Default Browser Page on IE?

Read other 6 answers
RELEVANCY SCORE 61.2

My browser page is been hijacked and nothing helps. the hijack this log is as below pls help me again mr grinler, plimsollLogfile of HijackThis v1.97.7Scan saved at 4:48:21 PM, on 7/16/2004Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Winamp\Winampa.exeC:\Program Files\Norton Internet Security\IAMAPP.EXEC:\PROGRA~1\NORTON~1\navapw32.exeC:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Program Files\Yahoo!\Messenger\ymsgr_tray.exeC:\Program Files\Webshots\WebshotsTray.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton Internet Security\NISUM.EXEC:\Program Files\Norton Internet Security\NISSERV.EXEC:\Program Files\Norton Internet Security\SymProxySvc.exeC:\Program Files\Norton Internet Security\ATRACK.EXEC:\Program Files\Messenger\msmsgs.exeC:\WINDOWS\Sy... Read more

A:browser page hijacked pls help

I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\System32\IEsp.mhtO2 - BHO: (no name) - {0B519E07-7824-4adc-8890-93D5EABBF285} - C:\WINDOWS\System32\msadocm32.dllO2 - BHO: (no name) - {A3DFDA85-1D92-4E28-8C0C-522574ACDC8A} - C:\WINDOWS\System32\msacrohlp.dllO4 - HKCU\..\Run: [HOTFOON2] C:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exe /hO16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.6.cabReboot your computer into Safe Mode and delete the following files:Then delete these files or directories (Do not be concerned if they do not exist)C:\WINDOWS\System32\IEsp.mhtC:\WINDOWS\System32\msadocm32.dllC:\WINDOWS\System32\msacrohlp.dllC:\Documents and Settings\sundaravadivelu\Desktop\hotfoon4.exeDisable System Restore. You can find instructions on how to enable and reenable system restore here:Managing Windows Millenium System RestoreorWindows XP System Restore GuideRenable system restore with instructions from tutorial aboveRebo... Read more

Read other 4 answers
RELEVANCY SCORE 61.2

Dear Admin, There are multiple pop-ups on my browser.  For example, How to remove a virus?  Then the virus will be bold with a pop-up when my cursor goes on it.  In addition to that, there are other pop-ups on the side/top/bottom of the site.   Besides that, my computer is getting laggy. Do you have any suggestion to solve this?   My default page will be mystartsearch.com although I have changed it to www.google.com   Things to note: My windows may not be of a genuine copy so I cannot do a windows update.   Looking forward to hear from you soon. Many thanks. Best regards, Kenny Lim

A:Pop-ups on my browser & Start page is default in mystartsearch.com

Dear Admin,
 
I have further information.
 
The virus is most probably due to the following 3 programmes:
i) WindowsManger pro
ii) Thegophotoit
iii) the hdvid-codec v10
 
I have removed it from the "Uninstall list". When I try and uninstall, they said error occurred and it was removed from the list.
 
 
Kindly guide me how to solve the issue and the computer lag issue.
 
I believe the lag issue is also due to these 3 programmes.
 
 
 
Many thanks.
 
Best regards,
 
Kenny.

Read other 4 answers
RELEVANCY SCORE 61.2

My pc runs windows 7 home premium, and when I try and connect to the net via Google chrome or Firefox a page I do not want appears: RVZR-a.akamaihd.net/sd/dw31.html?u=http%3A%2F%2FRVZR-net%2FSD%2fdhi%2fusionX%2F.4.html% and so on. Somehwere in the long page address is dub119.mail.live.com&UA etc.
I am not very technical but I know my pc is infected, how can I get rid of this? Norton 360 cannot help.
 

A:browser auto directs to default page

Go here, then click the large blue "Download Now @ Bleeping Computer" button to download and save AdwCleaner.exe to your desktop.

Close all open windows first, then double-click AdwCleaner.exe to load its main window.

Click the "Scan" button, then allow the scanning process to finish.

Click the "Report" button.

When the log appears, save it.

Return here to your thread, then copy-and-paste the ENTIRE log here.

-----------------------------------------------------------------

Download and save the

TSG System Information Utility (SysInfo.exe)

After it's been downloaded and saved, double-click it to run it.

Information about your computer will appear.

Return here to your thread, then copy-and-paste the ENTIRE text here.

-----------------------------------------------------------------
 

Read other 3 answers
RELEVANCY SCORE 61.2

Dear Admin,
 
There are multiple pop-ups on my browser. 
 
For example,
 
How to remove a virus? 
 
Then the virus will be bold with a pop-up when my cursor goes on it.
 
 
In addition to that, there are other pop-ups on the side/top/bottom of the site.
 
 
 
Besides that, my computer is getting laggy. Do you have any suggestion to solve this?
 
 
 
My default page will be mystartsearch.com although I have changed it to www.google.com
 
 
The virus is most probably due to the following 3 programmes:
i) WindowsManger pro
ii) Thegophotoit
iii) the hdvid-codec v10
 
I have removed it from the "Uninstall list". When I try and uninstall, they said error occurred and it was removed from the list.
 
 
Kindly guide me how to solve the issue and the computer lag issue.
 
I believe the lag issue is also due to these 3 programmes.
 
 
Things to note: My windows may not be of a genuine copy so I cannot do a windows update.
 
 
 
Looking forward to hear from you soon.
 
Many thanks.
 
Best regards,
 
Kenny Lim
 

A:Pop-ups on my browser & Start page is default in mystartsearch.com

Hi kennylim20 and
 
Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note:: If any security program requests permission to access the Internet, allow it to do soPlease download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)Please download Farbar Service Scanner (FSS) HERE and run it on the computer with the issue.
    Make sure the following options are checked:
        Internet Services
        Windows Firewall
        System Restore
        Security Center/Action Center
        Windows Update
        Windows Defender
        Other Services
   ... Read more

Read other 21 answers
RELEVANCY SCORE 61.2

I have a web site that I plan to put onto CD, i.e. use it locally. The site uses activeX controls hence it is no good for me to use Firefox (as far as I know there are no activeX controls for firefox). However since Firefox is my default browser, I was wondering if there was a coding way (C++, JavaScript, anything) to open this particular web page in IE.

I've been attempting to write C++ code to do this. So far I can open IE with:

system("\"\"C:\\Program Files\\Internet Explorer\\iexplore.exe\"\"");

I believe ShellExecute can be used to open web pages via the Default Browser (I haven't found any tags where I can choose a browser).

Anyone have a clue?
 

A:Solved: Opening web page with non-default browser

Read other 6 answers
RELEVANCY SCORE 60.8

Hi. I'm running Windows ME. Every time I've tried to open up an IE 6 browser today, my homepage has been set to something called "About:Blank" which seems to be some sort of spyware/ad ware. A massive flood of popups appears, and I have to restart the computer before they'll stop. I've tried running Spybot S&D and Ad-Aware, but nothing's helped.

I've also tried manually setting the homepage back through Start>Settings>Control Panel>Internet Options, but every time I click "OK" on the Internet Options window I get an error message and it changes back to the "About:Blank" page.

I seem to have several files in my registry that are causing this problem... I found them in Hijack This but when I've deleted them, they've come back every time I restart the computer. (I've included a log here).

Logfile of HijackThis v1.99.0
Scan saved at 8:26:34 PM, on 1/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\LEXMARKX73\ACMONITOR_X73.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FI... Read more

A:Browser / Home page Hijacked?

Read other 7 answers
RELEVANCY SCORE 60.8

I use Windows 98 (just to let u know).
My Internet Explorer (IE6) start page (previously www.yahoo.com) has been replaced by 'http://213.159.117.134/index.php'. I've tried changing my home page option in IE's properties back to www.yahoo.com, but the 'intruder site' keeps reseting the address field and coming back again...

I'll attempt to descibe what happens exactly once I'm connected to the net...
Once I've connected to the internet, opening IE takes me to 'http://213.159.117.134/index.php' , 'www.Cool Web Search.com', ’about:blank’, a few ads about fixing spyware on my pc and another window named 'tpx/open/console_out.php' or something like that...one after the other in succession...(then again, I’m not sure I got the order right…that isn’t important anyway…)

Once I get the 'tpx/open/console_out.php' window I find it necessary to close it immediately 'cuz if I let it load, it disconnects me from the internet , and my second attempt to connect back proves futile as I get a message saying 'The modem is being used by another Dial-up connection. Close the other connection and try again. ' (so I've learnt by experience...sigh...)

I don’t know if this message I encounter is related in any way to a Dail-up Connection dialog box which keeps popping up on my screen almost without reason randomly at any time, right from the moment I switch on my pc. This Dail-up Connec... Read more

A:IE browser start page hijacked

Hi and welcome to TSG,

First click: http://www.majorgeeks.com/download4086.html to download CWShredder, but don't run it yet.

Next click: http://securityresponse.symantec.com/avcenter/FxAgentB.exe to download the Backdoor.Agent.B Removal Tool from Symantec. Save the file to a convenient location, such as your Windows desktop.

Close all the running programs

If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet.

Double-click the FxAgentB.exe file to start the removal tool.
When you receive the message telling you start any other applications, click OK.

Click Start to begin the process, and then allow the tool to run.
Restart the computer.

Run the removal tool again to ensure that the system is clean.

Be sure to save the log file the removal tool creates to post back here later.

Run CWShredder immediately. Click on the cwshredder.exe then click "Fix" (Not "Scan only") and let it do its thing.

Please download and run the following programs:

AD-AWARE

Go here: http://www.lavasoftusa.com/support/download/
and download Ad-Aware SE Personal

Install the program and launch it.

First, in the bottom right-hand corner of the main window click on Check for updates now then click Connect and download the latest reference files.

Then, in the main window: Click Start and under Select a scan Mode tick Perform full system scan.

Then, deselect Search ... Read more

Read other 1 answers
RELEVANCY SCORE 60.8

Hello,
 
I have a <1 year old Dell desktop all-in-one PC with recent Win 10 (2-3 months ago). Since the last week or so, I found every time I try to browse to Amazon.com in IE11 (either using a link or thru google or typing into the address bar) I get a very different webpage (see attached screenshot) instead of the normal Amazon homepage. Definitely not Amazon. I suspect my browser is somehow hijacked but can't figure out how to fix it. Ran Malwarebytes, adwcleaner, JunkwareRemovalTool, etc. Still the same problem. No other symptoms. The normal Amazon page loads perfectly using any other browsers on this PC. I'm worried someone else is going to try to browse to Amazon, click on the funky links, and try to log into the site and compromise thier credentials (this is a family PC). Any ideas on fixing this?
 
Thanks in advance.
 
******************** FRST Log Results: ************************
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bruce (administrator) on WINDOWS-9LL0EBA (22-03-2016 21:33:47)
Running from C:\Users\Bruce\Desktop\Computer Recovery
Loaded Profiles: Bruce (Available Profiles: Bruce)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (White... Read more

A:Hijacked Amazon.com page or IE browser

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please copy the entire contents of the code box below to the a new file.

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Task: {003C3763-7AE0-41D0-A9D1-3EA7A07B72B6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0C640F3D-2DCB-4DA7-99CE-210BCB5CC7FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {1D5937D7-E14E-4912-B4AA-C571579A3719} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {3760A705-8DEB-4E54-AE35-1EA64DDD022F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {45D8EB6C-ECAF-405B-BCCF-E4C6EA2933A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5229FC29-F7D5-433F-A92C-9D5A5CC5F792} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D23567C-BD60-473E-8008-7E8B8E031069} - \CLVDLauncher -> No File <==== ATTENTION
Task: {6C1A06C4-E6FE-44C6-A1C4-6E1627701036} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {87324F2D-80E3-4167-AF14-160FAB05F599} - \PCDEventLauncherTask -> No File <==== ATTENTION
Task: {8D2E3196-22C0-4571-B159-B6118E6026FA} - ... Read more

Read other 4 answers
RELEVANCY SCORE 60.8

Hi.I'm having a problem. I use google to search the internet and the normal looking results page opens up, but whenever I click on one of the links I get shuttled over to a site called virtualway.info.I'm running WinXP Home SP2Following is a copy of my Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:29:08 AM, on 4/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files&#... Read more

A:Browser Search Page Hijacked

Hello RobertaT and welcome to BleepingComputer,1. * Clean your Cache and Cookies in IE:Close all instances of Outlook Express and Internet Explorer Go to Control Panel > Internet Options > General tabUnder Browsing History, click Delete. Click Delete Files, Delete cookies and Delete historyClick Close below.* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):Go to Tools > Options.Click Privacy in the menu..Click the Clear now button below.. A new window will popup what to clear.Select all and click the Clear button again.Click OK to close the Options window* Clean other Temporary files + Recycle bin Go to start > run and type: cleanmgr and click ok. Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.Press OK to remove them.2. Please download Malwarebytes' Anti-Malware from Here or HereDoubleclick mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is complete... Read more

Read other 4 answers
RELEVANCY SCORE 60.4

I have a problem with search engine results being hijacked. Nortons did not find anything...please help!
- Some search results take me to a page I did not request (redirect and jump appear in page tab after click). Seems to be random pages as no trend.
- Some results come up with Google "page not found" even though I know it is a valid web page
- I get pop up ads of a variety of kinds of advertising
- Something seems to be blocking updating some security updates like Ad-aware

Any help will be much appreciated. I have Hijackthis as that seems needed.
Thanks
 

A:Browser Hijacking - popups, page not found, wrong site problem

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:47 AM, on 24/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton SystemWorks Basic Edition\NswUiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Weatherzone Tracker\weather_tracker.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\MSI\[email protected] AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\hijackthis\hijackthis\HijackThis.exe
R0 - ... Read more

Read other 2 answers
RELEVANCY SCORE 60.4

I don't use IE, I use Opera portable
It was not registered as the default browser which it is now,
Clinking on web links within applications (help & support links for example) opens the browser ok, but only to my start page, not to the intended web page.
Also, when I click on a HTML file, it does the same thing. Opens the browser to the start page, not the file.

It's not recognizing the link or the file.

I went through the URL Associations etc. in the registry and they all point to Opera. Protocols point to Opera also. I was successful the 1st time I tried this, but I don't remember exactly how that was different that this time. (I had to load a recent backup image for other unrelated problems left over from a bloated program I couldn't clean out).

Any ideas??

A:Web URL's in programs only open browser to the default start page

Original info from here;
How do I change my default browser to an unlisted program in Windows 7? - Super User

Read other 2 answers
RELEVANCY SCORE 60

Hey, so new to this site (as if my username didn't explain) and well...I have a problem. See, this is a laptop i use for school, and my homepage is always "myfastwebsearch.com". I changed the homepage, but that only works until i turn my computer off. I am well aware of deepfreeze, and this was like that before they put it on (they gave me a computer with a missing program, lol), so it'll make it harder to get off unless i ask then to temporarly remove it, but if someone tells me what to do, i will do it after it is taken off. Oh and by the way i did see something about myfastwebsearch in the log. sooo...this is the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:25:27 PM, on 5/19/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Vi... Read more

A:Home page is wrong, think browser is hijacked

Read other 6 answers
RELEVANCY SCORE 60

My home page WAS www.msn.com but it now is www.quest.msn.com and cannot be changed back using Internet Options. I've tried the following:
1. Run CWShredder-didn't find anything.
2. Restored to a date I thought was before this problem began-problem still there.

I'm attaching my HIJack this log in hopes that someone can spot a problem.

I'm using XPPro, SP3.

Thanks in advance.
 

A:Solved: IE7 Browser home page hijacked

Sorry, I mean't it was hijacked by http://qwest.msn.com
 

Read other 2 answers
RELEVANCY SCORE 60

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by LizzieS (administrator) on LIZZIES-PC on 27-02-2015 23:02:12
Running from C:\Users\LizzieS\Downloads
Loaded Profiles: LizzieS (Available profiles: LizzieS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSv... Read more

A:Browser hijacked, pop ups and home page changed; help pls

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Using the Add/Remove programs applet delete this process in bold.SupplementPro (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{23afdfe}) (Version: - Software Publisher) <==== ATTENTION===Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\loggingserver.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3033112 2015-02-27] ()
HKU\S-1-5-21-3205690185-1226381487-526044824-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3205690185-1226381487-526044824-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={BA7F367E-FF34-4DD2-A696-78D52072E23E}&mid=7e554bd70f4947d1b8a8cd3c4e3b7cac-c0abbc4fe6dc8ff5c2e9f541d3176252c2e5713e&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215av&... Read more

Read other 10 answers
RELEVANCY SCORE 60

I am trying to clean my daughter's computer. Windows XP.
I ran Symantic Antivirus - found and supposedly removed 1 virus. Ran the it twice more with no more viruses - but because the computer resources are fully used by some unknown factor - the virus check took over 10 hours.
I installed and ran Webroot SpySweeper. It found Trojan - Slob among other things. It quarentined those items and I deleted them. I ran it again and it found the Trojan again. I deleted it again. The next time I ran it, Slob didn't show up. Now the worst things showing up are: comet cursor, starware toolbar, superbar, and virus heat. I quarentined them.
The computer resources are not always fully used now. However, we have a problem with the web browser. - Internet Explorer 7.
Every time we go anythere, an error box pops up saying we have a virus and should click the button to download a virus cleaner. I need to press CTRL F4 to close the box as it does not appear in the Task Manager - Applications, nor does it appear on the task bar and I don't want to click on it anywhere. This appears sometimes two or three times before the browser will go to another page.
When we use Google to search, we come to a strange Google page. It has a big notice that the computer is infected with a virus. As well, a Utube porn picture. If you click on anything in the list of found items you get redirected to some other web site.

I ran Hijack This. Here is the Log:

Logfile of Trend Micro HijackThis v2.0.0 (B... Read more

Read other answers
RELEVANCY SCORE 60

Hi Folks, I had hoped that I would never need your help again after your sterling work cleaning up my system last year (*thanks* again!). But somehow something has slipped in...

I am unable to reset my IE homepage, it always defaults to: http://www.keyitaly.com/property/188881/gallery/ and occasionally when I key in a web address it goes somewhere completely different. I've run Adaware and Spybot SD and nothing is found.

I can see that you are extremely busy but any help you can give will be gratefully received. Below is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 8:27:21 PM, on 09-12-07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RNA... Read more

A:IE browser hijacked - home page problem

Hello Countryboy,

If you still require assitance, I'd like a bit more information.

Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here, along with a new HijackThis log.

Read other 19 answers
RELEVANCY SCORE 60

Hello, I am a first time poster and I will try to follow protocol, but I apologize if I leave something out. My web browser (both Firefox and IE) has been hijacked by the "Error Page Assistant" a.k.a. "AppsWebService". It is very intermittent, and only affects a few odd URLs. Unfortunately, most of the time one of those URLs is google.com, so it's become an annoying problem. I have noticed several other posters to this and other forums have had a similar problem, and I have tried to follow a lot of the instructions in those other posts, as well as the recommendations in the tutorial and other pinned threads, including AdAware, Spybot, McAfee Enterprise Virus Scan, and the McAfee AVERT Stinger. None of these tools affected the problem at all. In attempting to follow some of the procedures outlined in other posts, I downloaded and ran HijackThis, and I removed a single program, although I can't remember the exact name. I also deleted (with backup) miscellaneous other processes that seemed malicious. Again, none of this changed anything. After all of this cleanup, I re-ran HijackThis and the log is included below:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:09:11 PM, on 12/30/2007Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.ex... Read more

A:Error Page Assistant Hijacked My Browser

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Please post that log in your next reply.Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Read other 15 answers
RELEVANCY SCORE 60

hi, i am having a problem while browsing with firefox with search results being hijacked to various ad sites as well as slow page loading and was looking for some help. i will also mention that my outdated norton antivirus has recently stopped auto-protecting and i can't enable it as well as a notification in the system tray that windows automatic updates is turned off(which i want, but the notification itself is new). these symptoms all appeared at about the same time.

thanks in advance.

A:hijacked browser and slow page loading

Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download link 1alternate download link 2Make sure you are connected to the Internet.Double-click on Download_mbam-setup.exe to install the application.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".Click OK to close the message box and continue with the removal process.Back at the main Scanner screen, click on the Show Results button t... Read more

Read other 4 answers
RELEVANCY SCORE 59.2

I seem to be having some severe problems with some sort of Hijack issue in my browser.
I use Windows XP and Google is my home page.
When I open my browser, all is good besides the Google pic takes a while to load. Google comes up but when I conduct a search it either tells me to check my connection (Connection unavailable) or it directs me to various different pages. Its definitely not a problem with my connection because I am using my laptop with the same connection. I have noticed that the actual Google home page is slightly different to its usual. There is no link to sign into my google account and there is a new header in the top left hand corner called: Shopping, which when I click on it I am signed into Google as [email protected] This is not me, clearly.
I have run various anti virus/spyware/malewale software but nothing seems to get rid of it. There is a new program installed called "Windows Protection Suite" which I never installed.
Please help?

A:Hijacked browser/Fake Google Home page

Moved from HJT to a more appropriate forum. Tw

Read other 2 answers
RELEVANCY SCORE 59.2

I have been infected with malware, and I was following the instructions of the good malware removal helpers at spywareinfo forums. I had posted a Hijackthis log, and had run the common utilities they asked for - Enwido Spyware, AVG Antivirus, Ad Aware SE, Spybot, Spyware Blaster, TREND Housecall etc. and they all came up with some various infections, but obviously not the one that was causing my main problem. They recommended I try to use an automated script - fixwareout.exe, in order to solve the problem. However, probably because of Teatimer or my ZA firewall, fixwareout did not work properly. I asked about this, but then the forum closed down. If someone here could help out, analyze my Hijack This log and explain to me why Fixwareout didn't work and if there is a rootkit problem, I would be very grateful.The infection hijacks my search page in both firefox and in IE7. It also slows down my browser a lot. Logfile of HijackThis v1.99.1Scan saved at 4:26:52 PM, on 2/22/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16414)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AccessManage... Read more

A:A Malware Infection Has Hijacked My Browser And Search Page

Welcome to BC doh! Download\install CleanUp.Launch CleanUp,then click on 'Options'.Now move the slider on the left up to 'Standard Cleanup!'.Click 'Ok',now run the program by clicking on the 'Cleanup' button.Reboot,or log off/log on when it's finished.****************************Download DelDomains.zip and extract/unzip it to your desktop:Now right click on Deldomains.inf 'Install'.After right clicking on Deldomains.inf 'Install' it appeared nothing happened,this is normal.****************************Download and run Fixwareout from the link below: http://www.bleepingcomputer.com/files/lonny/Fixwareout.exeAfter the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply,along with a new Hijackthis log.

Read other 12 answers
RELEVANCY SCORE 59.2

My IE start page has been hijacked by clicksearchclick.com. Whenever I start the browser it goes to thier site. Here is the Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:39 AM, on 5/8/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINNT\System32\Services\{F34DB3AA-9BB6-45E8-B1A8-75435820E9E9}\SVCHOST.EXE
C:\WINNT\winos.exe
I:\IMC\MPS\iIMCLAN.exe
C:\WINNT\System32\ImcMSGC2.exe
I:\IMC\MPS\Console.EXE
I:\IMC\MPS\PL.EXE
I:\IMC\RMS\Records.exe
I:\IMC\RMS\CASEMGMT.EXE
C:\Documents and Settings\ca3583\Desktop\Repairs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/search.php?aff=7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://info
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [TCASUTIEXE... Read more

A:Solved: browser start page hijacked by clicksearch

Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/search.php?aff=7

O4 - HKLM\..\Run: [Service Host] C:\WINNT\System32\Services\{F34DB3AA-9BB6-45E8-B1A8-75435820E9E9}\SVCHOST.EXE

O4 - HKLM\..\Run: [windhost.exe] C:\WINNT\winos.exe

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...bridge-c445.cab

O21 - SSODL: System - {F54C3836-9D1C-45E8-9D0B-B11F760595B5} - ssvmc.dll (file missing)

Restart to safe mode.

How to start your computer in safe mode

First in safe mode click on My Computer then click Tools > Folder Options. In Folder options click on the View tab. Under Files and Folders tick "Show hidden files and folders" then uncheck "Hide file extensions for known file types" and uncheck "Hide protected operating system files (recommended)". Now click "Like current folder" then "Apply" and "OK"

Now find and delete this file:

C:\WINNT\winos.exe

Delete this folder:

C:\WINNT\System32\Services

Also in safe mode navigate to the C:\WINNT\Temp folder. Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box. The Temp folder will open. Click Edit > Select All then Edit > Delete to delete t... Read more

Read other 3 answers
RELEVANCY SCORE 59.2

Hi All. this is the first time I'm using the forum. Would appreciate any help please.

Everytime I go to my toolbar in explorer to review internet options, the home page is set as

res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784

Every time I try to change it to the default page I want http://www.google.com/, it changes it in the box but when you check back it reverts back to

res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784

I haved scanned with SpyBot S&D and used AVG but have had no luck. I have windows 98, yes I know I'm way behind the times! I'm not an expert but ran regedit yesterday and found the above entry under HKEY_CURRENT_USER/Software/Microsoft/InternetExporer/main. The above value data is linked to the value name "Start Page". I tried modifying the data to google, but again it reverts back!

Would someone be able to help me with this and guide me with what I should do?

Many thanks.
 

A:Solved: Browser start page hijacked, can't change . Please help!

Read other 16 answers
RELEVANCY SCORE 58.8

Unwanted Favorites on Boot(Porn Site and Search site)
Already ran Spybot.
Can any one help with clearing up this problem?
How can it be avoided in the future?
Here is my scan...

Logfile of HijackThis v1.97.7
Scan saved at 8:14:40 PM, on 12/8/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\HOMENETWORK\ICM.EXE
D:\PROGRAM FILES\AVKSERVICE.EXE
D:\PROGRAM FILES\AVKWCTL9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\OAKTASK.EXE
D:\PROGRAM FILES\OAK SIMPLICD REWRITE\IWCTRL.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\HOMENETWORK\ICMMONITOR.EXE
D:\PROGRAM FILES\AVKPOP.EXE
D:\GREETINGS WORKSHOP\GWREMIND.EXE
D:\OFFICE\FINDFAST.EXE
D:\PROGRAM FILES\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\epspmgr4.exe
C:\WINDOWS\SYSTEM\epdsplr4.exe
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://6... Read more

A:Unwanted Favorites on Boot(Porn Site and Search site)

Read other 8 answers
RELEVANCY SCORE 58

If I do a search with Google using Firefox, I get a list of links that my search finds.When I click on any of these search links it goes off to a different page. I've had it go to spyware sites etc......... My browser appears to be being hijacked.I have tried Combofix, Malwarebites, Spybot, Stopzilla etc and although they seem to find things and remove them, the virus does not get removed.I have attached the following logs as requested.-DDS.txt, attach.txt and ark.txt. I've also added a hijackthis log for good measure.Any help would be much appreciated.DDS (Ver_09-10-26.01) - NTFSx86 Run by Bob at 15:04:08.13 on 31/10/2009Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_15Microsoft? Windows Vista? Home Basic 6.0.6002.2.1252.44.1033.18.1789.548 [GMT 0:00]SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\Syste... Read more

A:When I click on a search link in Google, It goes to a different page. My browser appears to be hijacked.

Hi,
I'm new to this forum and am unsure if I should be doing anything else.
Will someone be looking / advising me about gthis problem or is there something else I should be doing.
Many Thanks,

Read other 5 answers