Browser hijacker?
sillygirl
Sep 3, 2008, 04:06 PM
Hi,
I've picked up a redirect/browser hijack bug; as yet none of my security measures have picked it up,
but I can't access any web pages other than ad sites.
So I'm posting my HijackThis log. Could somebody please have a look at it for me?
I'm running XP SP3.
sillygirl
Sep 3, 2008, 04:08 PM
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
Scleros
Sep 3, 2008, 05:58 PM
I don't recognize C:\WINDOWS\kdx\KHost.exe (doesn't mean it's not legit). Also, it may be a browser helper object that executes in the context of Internet Explorer and won't show up in the process list without a utility to show all loaded modules like Process Explorer (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx). Look at the start page and BHO sections of the Hijack log or the IE add-ons interface. Also check contents of hosts file in %SystemRoot%\system32\drivers\etc\.
Firefox?
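The hosts-file check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it triages the text of a hosts file and reports every mapping that is not the stock localhost entry. The function name, the finding labels and the sample file (documentation-range address, .example domains) are constructed for illustration.

```python
import ipaddress

# Assumption: a clean XP-era hosts file maps only "localhost" to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample, standing in for %SystemRoot%\system32\drivers\etc\hosts
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example search.example  # two names on one line
127.0.0.1       update.antivirus.example
not-an-ip       portal.example
"""

def triage_hosts(text):
    """Return (line_no, address, hostname, finding) for each non-default mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments, then split on any run of spaces or tabs.
        entry = raw.split("#", 1)[0].split()
        if not entry:
            continue
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "malformed address"))
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # the expected stock entry
            if ip.is_loopback or ip.is_unspecified:
                # A real site pinned to the local machine can no longer be
                # reached, e.g. a security vendor's update server.
                finding = "sinkholed"
            else:
                # The name resolves to whatever address the file dictates,
                # bypassing DNS entirely.
                finding = "redirected"
            findings.append((line_no, address, name, finding))
    return findings

if __name__ == "__main__":
    for line_no, address, name, finding in triage_hosts(SAMPLE):
        print(f"line {line_no}: {name or '(none)'} -> {address} [{finding}]")
```

Ad-blocking hosts lists also produce "sinkholed" findings, so each reported entry still needs a human look before it is removed.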
invisibleman_productions
Sep 9, 2008, 09:06 AM
Hi sillygirl
Your HijackThis log is incomplete. We need to see the 01, 02, 03 entries to know what is causing the browser redirections.
Also run the 3 programs listed below:
1. Run Malwarebytes Anti-Malware
Spyware Fighter: Malwarebytes' Anti-Malware (http://spywarefighter.blogspot.com/2008/06/malwarebytes-anti-malware.html)
2. Run Superantispyware
Spyware Fighter: SUPERAntiSpyware Home Edition (free version) (http://spywarefighter.blogspot.com/2008/06/superantispyware-home-edition-free.html)
3. Run a complete scan with Dr. Web CureIt
Spyware Fighter: Dr. Web CureIt (http://spywarefighter.blogspot.com/2008/06/dr-web-cureit.html)
Use Firefox or Google Chrome to prevent browser redirection.