    224836 Posts: 4, Reputation: 2
    New Member
     
    #1

    Apr 3, 2007, 12:11 PM
    Browser being hijacked
    Hi, my browser has been hijacked, and every time I click a result in Google I get redirected to an undesirable site. I have run NOD32 and Spy Sweeper, both as administrator in safe mode, without result.
    The latest HijackThis log is as follows:


    Logfile of HijackThis v1.99.1
    Scan saved at 21:09:50, on 3/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\MioNet\MioNetManager.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Mio Technology\MioSync\mioSync.exe
    C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Documents and Settings\hupla\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] "C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe"
    O4 - HKLM\..\Run: [IMJPMIG9.0] "C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" /Preload /Migration32
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BigDogPath] "C:\WINDOWS\VM_STI.EXE" Philips SPC 200NC PC Camera
    O4 - HKLM\..\Run: [cFosSpeed] "C:\Program Files\cFosSpeed\cFosSpeed.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl, BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: MioSync.lnk = C:\Program Files\Mio Technology\MioSync\mioSync.exe
    O4 - Global Startup: TrayMin200.exe.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor%20Pro\AeePMsie.dll/link.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



    Please help
    Thanks
    Joe
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #2

    Apr 3, 2007, 12:58 PM
    When was the last time you did some serious system maintenance on your machine ?
    Here's my usual C&P for cases like this:

    Quote Originally Posted by Curlyben's maintenance tips
    When was the last time you did some serious maintenance on your system ?

    System maintenance includes:
    Defrag
    FULL patching
    Virus scanning
    Spyware scanning
    Removal of rubbish files

    Defrag is an inbuilt function in XP.
    Open My Computer > Right click C: > Tools Tab and its there.

    To make sure everything is running fine run both anti virus and anti spyware apps in normal AND safe modes. (make sure that they are updated first ! ;)) (AVG is good and free AV)
    (A couple of good removal tools are Spybot and Adaware)

    Also, an online virus and spyware scanner is Trend Housecall

    Just a note: actively running two AV's on one machine can cause problems.
    So if you are thinking about it make sure your current one is disabled first.
    Same thing applies to online scanners as well.


    Removal of junk files is easy with CCleaner a free app that does exactly what

    If all this fails then a repair install may be in order:

    Here's the official Micro$oft way of doing it,
    and Here's one with screen shots.

    Basically this installs windows over the top of your current setup.
    So you don't lose any information you already have.
    This lot should resolve your issue.
    224836 Posts: 4, Reputation: 2
    New Member
     
    #3

    Apr 3, 2007, 01:07 PM
    Hi Curlyben,
    I have run both Spy Sweeper and NOD32 in safe and normal modes several times (I have been fighting this thing on and off for 4 days now). I also have SpyBot installed and updated. I regularly defrag my system, and surely will get rid of junk files, thanks for the suggestion. But I'm sure that is not going to fix my problems; however, I will try this free cleaner, as it's the only one I have yet to run.

    Will get back to you in a min.

    Thanks again
    Joe
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #4

    Apr 3, 2007, 01:11 PM
    My recommendation of Adaware and Spybot is from experience as they catch 99.9% of malware.

    While you are in Safe Mode, change your browser's home page and use Spybot to LOCK it down.
    Spybot does a lot more than just scanning your system, it stops infection, locks important system files and has a real time scanner (teatimer).

    Also try using Firefox instead of the insecure IE ;)
    TheSavage Posts: 564, Reputation: 96
    Senior Member
     
    #5

    Apr 3, 2007, 01:24 PM
    Try running your log through this scanner -- note the disclaimer please -- Savage
    HiJackThis! Log auto analyzer V2
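
A first-pass triage of a HijackThis log such as the one in post #1, as an added example that is not part of the thread and not the code of the analyzer linked above. It groups entries by HijackThis section code and surfaces the markers the tool prints itself, `(file missing)`, `(no name)` and `Unknown owner`; the function names and the cross-check against the running-process list are this example's own choices.

```python
import re

# Standard HijackThis section codes seen in the log in post #1.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart",
    "O8": "IE context-menu item", "O9": "IE button/menu item",
    "O20": "Winlogon Notify DLL", "O21": "SSODL", "O23": "service",
}
# Markers HijackThis prints itself: reasons to look closer, not verdicts.
MARKERS = ("(file missing)", "(no name)", "Unknown owner")
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
PROCESS = re.compile(r"^\s*([A-Za-z]:\\.+\.exe)\s*$", re.IGNORECASE)

def parse(log_text):
    """Split a log into running-process paths and (code, detail) entries."""
    running, entries = set(), []
    for line in log_text.splitlines():
        if m := ENTRY.match(line):
            entries.append((m.group(1), m.group(2).strip()))
        elif m := PROCESS.match(line):
            running.add(m.group(1).lower())
    return running, entries

def triage(log_text):
    """Return (code, section, detail, reasons) for entries needing review."""
    running, entries = parse(log_text)
    findings = []
    for code, detail in entries:
        reasons = [mk for mk in MARKERS if mk in detail]
        reasons += ["unresolved target"] if detail.endswith("= ?") else []
        # A "missing" file that is also a running process contradicts itself.
        if "(file missing)" in reasons and any(p in detail.lower() for p in running):
            reasons.append("listed under running processes")
        if reasons:
            findings.append((code, SECTIONS.get(code, "other"), detail, reasons))
    return findings

# Lines copied from the log in post #1 (a shortened sample).
SAMPLE = r"""
Running processes:
C:\Program Files\cFosSpeed\spd.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - Global Startup: TrayMin200.exe.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: cFosSpeed System Service (cFosSpeedS) - Unknown owner - C:\Program Files\cFosSpeed\spd.exe" -service (file missing)
"""
print(*triage(SAMPLE), sep="\n")
```

On the sample, the cFosSpeed service is reported as `(file missing)` while `spd.exe` appears in the running-process list, so each marker is a prompt for manual review rather than a verdict.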
    224836 Posts: 4, Reputation: 2
    New Member
     
    #6

    Apr 3, 2007, 02:27 PM
    Ran Adaware and CCleaner and still no result. I still get the stupid excuse for a browser site plus a pop-up advertising adult content. I also have Spyware Terminator (currently disabled) and Windows Defender (enabled), but when I tried Google after getting rid of some cookie files etc. I still got diverted? Help!
    Joe
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #7

    Apr 3, 2007, 02:29 PM
    Please try what I suggested. Make sure SpyBot is fully updated first, then use it in safe mode.
    Matt3046 Posts: 831, Reputation: 128
    Senior Member
     
    #8

    Apr 3, 2007, 02:31 PM
    I finally just broke down and bought the Norton protection center, and it works great. Worth every penny.
    Curlyben Posts: 18,514, Reputation: 1860
    BossMan
     
    #9

    Apr 3, 2007, 02:33 PM
    Matt, you must be one of the lucky ones as I have found that Norton and XP aren't good bed fellows.
    224836 Posts: 4, Reputation: 2
    New Member
     
    #10

    Apr 3, 2007, 02:54 PM
    I personally don't like Norton very much, find it really slows down everything, I was very happy for the last couple of years with Nod32, but delayed the new registration for a couple of weeks and that's when I got infected!
    I guess the only way is through some guy who knows his HijackThis very well. I have run Spybot several times, and also all the others as I said, so I really feel that it's not something which will be detected, rather something that I have installed unknowingly, clicking yes to something totally different but that's what was hidden underneath (I guess).
    Any other suggestions?

    Thanks for yr help

    Joe
    Matt3046 Posts: 831, Reputation: 128
    Senior Member
     
    #11

    Apr 3, 2007, 08:08 PM
    Maybe a registry fixer. I have had some problems with that. Or there is always the option of wiping your PC.
