Computer Support Forum

Xpoint? Possible hijacking?

Question: Xpoint? Possible hijacking?

Sygate gave me message log saying that a program called Xpoint is possibly hijacking. I found the file folder and from my understanding it is rapid restore, i scanned it with avg but it didnt detect anything. its been doing it for about two weeks and i keep blocking it, but ever since it started my wireless connection mbps has went to crap, I dont know if the two are connected but any help would be appreciated.

thanks

Relevance 100%
Preferred Solution: Xpoint? Possible hijacking?

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Xpoint? Possible hijacking?

Did you install the software Xpoint yourself, is it listed in Add/Remove?


If it is listed in add/Remove or has an uninstaller and you dont want it uninstall the software, seems as in one of the files ( XPAgent.exe ) from that program flags up a false positive with some AnvtiVirus apps.


but also follow the guide below to rule out other malware,



Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

Make sure you check version numbers and get all updates.





- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
Click to expand...


After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis


When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

3 more replies
Relevance 51.66%

Intel and Micron held a joint press conference earlier today to announce a breakthrough memory technology called 3D Xpoint (pronounced 3D crosspoint) that's up to 1,000 times faster (read speeds) than today's NAND, features 1,000 times better endurance and is...

Read more
 

Answer:Intel and Micron announce 3D Xpoint, a new memory technology that's 1,000 times faster than NAND

I hope this really brings about the death of the hard drive. And it can't come soon enough.

Gimme a 1 TB Xpoint SSD that doesn't break the bank and I'm sold.
 

13 more replies
Relevance 51.66%

Intel's annual developer conference / mini trade show kicked off earlier today in San Francisco. Among the topics of discussion during the keynote was 3D XPoint, the new memory technology that Intel announced late last month.

Read more
 

Answer:SSDs based on Intel's 3D XPoint technology will arrive next year under the 'Optane' brand

I swear that Intel and a handful of other tech companies use the same 12 year old kid to name their new products and technologies. What's next the Hexa-cuda or the Barra-Hexa-tane?
 

4 more replies
Relevance 32.39%
Question: Hijacking ?

I'm new here. I'm getting help here to remove a "link" that has Hijacked my Internet browser. What little time i've had for the past couple of days.there are alot of Hijacks going on. After I get rid of this Hijacker problem.is there something (Microsoft, etc) that will not let this happen? I'm not a computer guy...but it sure seems like a "rampant-problem" or is it just been going on for awhile, just didn't notice. Sorry if this is in the wrong thread...

Barney
 

Answer:Hijacking ?

Hi, I have seen your other thread. Yes, there are other tools you can get for free that will help you.
But, wait till after you get all cleaned up.
Two are called spyware preventers....Spyblaster and SpywareGuard. They help keep this stuff from instaling itself, they also update like your antivirus program.
Spyware "removers" include AdAware 6.0 and SpyBot Search and Destroy 1.2- they also update online like above.
The program you have been seeing, HijackThis, is a specialized removal tool that is not automatic, it shows the good processes as well as the "bad Guys" and should not be used without expert help, which this forum gives.
CWShredder is a tool to get rid of several types of hijackers....it updates very frequently as new ones seem to be arising daily.... it can be used by anyone, and is automated so you cannot really make a mistake with it. There are some very recent varieties of hijackings that are apparently not being fixed all the way, but good progress is being made, and the experts here can get things working.
HijackThis-and
SpyBot-and
AdAware-----these do make backups of what they remove.

If someone is helping you with removing this stuff, and asks for a fresh Hijackthis log, please supply one.
We will see how things go....if there is any further problem just reply back to this thread. The Security forum is the main one for your present type of problem.
 

2 more replies
Relevance 32.39%

Hello,
I am having multiple Internet Explorer windows opening.
When i open Internet Explorer 2 other windows open on web site like FREE6.SE, or randomsite....

Can someone help me please?
Logfile of HijackThis v1.98.2
Scan saved at 20:59:35, on 21/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\S... Read more

Answer:hijacking, please help me

12 more replies
Relevance 32.39%
Question: Hijacking???

Just going to guess here... But some how I have an "ISEARCH" tool bar on my IE... I assume that is what hijacking is??? If so How do i get rid of it???

I have AOhelL's spybot... I ran it and deleted what it found... But it's still there... Please help...

Thanks Guys/Gals...
Brian
 

Answer:Hijacking???

8 more replies
Relevance 32.39%

I need help. Something has taken over my computer (XP operating system) so that when i open up the internet my home page gets hijacked to res://rkbtg.dll/index.html . I've tried renaming that dll but it just regenerates a new one. If i go under internet options and change the homepage it just reverts right back to the dll page. Below is a copy of my hijack this log...i'm hoping somebody, somewhere will help. thanks

Logfile of HijackThis v1.97.7
Scan saved at 10:16:08 AM, on 6/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ntl... Read more

Answer:help with hijacking

13 more replies
Relevance 32.39%
Question: Hijacking AIM

does anyone know a program that will let me mess with their computer trew AIM? i downloaded something called aimaster3. its ok...if it only did wat it claims to. u make the person download a file (server.exe) and then u open "client" and type the person's screename and theres a list of things that u can do like open there cd-rom drive...launch a url...all the way to malicious things like, delete folder...fill harddrive...reboot, ect. im just looking for something that will mess with my friend's computer.
>
cuz right now im a an advanced website design class that im taking, and we use AIM to chataround and wat-knot. cuz we're lazy and would rather im someone than get up and ask. and it be funny to be able to control someonces computer from mine, and watch their re-action. But its all fun-n-games. no real harm.
Thanx in advanced,
_2roll
 

Answer:Hijacking AIM

I do believe that this would be illigal and is not allowed on HelpOnThe.Net.

From the Forum Rules:
Other Illegal Activities - As you might expect, we don't want anything illegal going on here. Users cannot post hacks, cracks, pirated software, or anything of the like. Furthermore, we do not allow instructions on how to complete illegal activities, such as pirating. Please don't ask for advise on using illegal software, as it will be removed.Click to expand...
 

1 more replies
Relevance 32.39%
Question: Another Hijacking

Well, I tried to remove it to the best of my ability by running S&D, then Hijack This, and then CWShredder, but I guess I didn't remove everything I needed to. Can someone check this HT log for me?

Logfile of HijackThis v1.97.7
Scan saved at 6:18:43 PM, on 4/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Programs\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
F:\Programs\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rewards Network\brntray.exe
F:\Programs\Winamp\winampa.exe
C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Prog... Read more

Answer:Another Hijacking

Problem solved...ran AdAware then ran Search and Destroy again, and everything was fixed.
 

1 more replies
Relevance 32.39%
Question: Hijacking

I believe there is something hijacking my computer from what I've read on your other forums. When I search something in google and click on the link it redirects me to a different site.

I downloaded hijack this and am getting a message when the notebook opens saying it can't save my log.

The error message is as follows:
Cannot find the C:\Program Files (x86)/Trend Micro/HiJackThis/hijackthis.log file.
Do you want to create a new file?
 

More replies
Relevance 32.39%

Hi All,

I think I have been hijacked by searchv. Can someone please help me. My registry is below.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TDispVol.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CARL ZAMZOW\Local Settings\Temp\Temporary Directory 9 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.... Read more

Answer:Need Help with Hijacking

CarlZ

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/www.searchv.com/w/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/w/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchv.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchv.com/w/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.searchv.com/w/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.searchv.com/w/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.searchv.com/w/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchv.com/w/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchv.com/w/

C:\Documents and Settings\CARL ZAMZOW\Application Data\winshow\winshow.dll

O4 - Global Startup: MSupdater.exe

Restart to Safe Mode: press f8 on startu... Read more

3 more replies
Relevance 32.39%

Thanks in advance...

I search yahoo for lyrics a lot. Sometimes, Like 10 popups will come up and then funny things will happen to my pc.

I ran a Hijack this scan and these were the results.
I am way too stupid to figure out what is good and what may be harmful.
Can someone let me know what to get rid of.

Thanks again.

Matthew

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\MSMGT.EXE
C:\PROGRAM FILES\VERIZON ONLINE\WINPOET\WINPPPOVERETHERNET.EXE
C:\PROGRAM FILES\VERIZON ONLINE\SUPPORTCENTER\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\SLMSS\SLMSS.EXE
C:\WINDOWS\MWSVM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rightfinder.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.rightfinder.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,... Read more

Answer:Help with Hijacking???

16 more replies
Relevance 32.39%
Question: Possible Hijacking

Downloaded a free CD Ripper and got more than I bargained for. It loaded some URLs on my desktop, made IE my default browser (I use Firefox), deleted restore points, removed MS Security Essentials. I was able to add the Security back, but it won't let me update definitions. Requested files follow.

SysInfo
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 4
Processor Count: 1
RAM: 1535 Mb
Graphics Card: NVIDIA GeForce4 MX 420 (Microsoft Corporation), 64 Mb
Hard Drives: C: Total - 76253 MB, Free - 21569 MB; F: Total - 238472 MB, Free - 158230 MB; G: Total - 238464 MB, Free - 225458 MB;
Motherboard: Dell Computer Corp.,
Antivirus: Microsoft Security Essentials, Updated: Yes, On-Demand Scanner: Enabled

HijackThis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:16 PM, on 5/31/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC... Read more

Answer:Possible Hijacking

9 more replies
Relevance 32.39%
Question: DNS Hijacking

I have a laptop running XP-Pro Ser Pk 3 with all the latest updates. The system is running AVG 8 with all the latest updates.

The machine was infected with some sort of malware that I never completely identified (could be a Trojan of the ?Google redirect? type) . I deleted some bogus dll files that were created at the time of the infection. There doesn't SEEM to be any virus activity going on, but it appears that the TCP stack/DNS service has been corrupted and I cannot get it back to normal.

I tried using Spyware Dr, malwarebytes, and combo-fix. None of these tools will run. They all have an issue with updating. I tried HiJackThis and scans from AVG. The HJT log had a couple of bad entries that I cleaned out.

When I do a ping test I get interesting results. Most any site will respond back from the DNS servers with the correct address. But any security type site reports back a "Could Not find" type answer and the site referenced is the localhost 127.0.0.1. Only security type sites seem to fail. I used a clean machine to ping AVG. I can then type the returned address in the address bar of the infected machine and reach AVG that way.

I have tried WinSock fix, fix lsp, msconfig, HJT, CC cleaner, malwarebytes, combofix, Spyware Dr. I have been in the registry and deleted all of the old WinSock keys. I have removed and reinstalled the TCP stack. I have run the TCP repair commands via the command line using netsh. I deleted the host file in \system32\d... Read more

Answer:DNS Hijacking

I would say to run SmitfraudFix and see if it spots a DNS hijacker.This is Part 1Please download SmitfraudFixDouble-click SmitfraudFix.exeSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.http://www.beyondlogic.org/consulting/proc...processutil.htm

4 more replies
Relevance 32.39%
Question: URL Hijacking

I have been experiencing URL hijacks when I click on search results from Google.I am running on a Dell laptop with Windows XP.Below are the results from D.D.S.I did not include GMER results, as my computer BSOD-ed 3 times from trying to run GMER.I have run Lavasoft's Adaware and Malwarebytes' Anti-Malware, with no resolution to this issue.Any suggestions would be great, as I have run out of ideas.Thanks,MikeDDS (Ver_10-03-17.01) - NTFSx86 Run by Mike King at 18:20:05.59 on Mon 08/23/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.405 [GMT -4:00]AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exec:\Program Files\Microsoft Security Essentials\MsMpEng.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exesvchost.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\WINDOWS\system32\cisvc.exeC:\Program Files\Soluto\SolutoService.exeC... Read more

Answer:URL Hijacking

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

2 more replies
Relevance 32.39%

Hi there,I'm new to this forum, my daughter has just discovered that i i have problems on my computer and i have no idea what to do. She had problems before and found help on here and since then everything has been fine so i thought i'd try this out too She tells me that i have something wrong with my homepage (i'm getting search pages instead of my usual homepage at startup), i'm also getting pop ups telling me i have al these virus'. I have symnatec on my computer which doesn't seem to be picking anything up. Can anyone please help me?Would be very much appreciated!Thank you in advance.Paul. Logfile of HijackThis v1.99.1Scan saved at 11:18:07, on 20/03/2005Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\SYSTEM32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\ZoneLabs\vsmon.exeC:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exeC:\PROGRA... Read more

Answer:Possible hijacking!?!

Hello,Adaware SE can deal with this..Download the latest version of Ad-Aware:http://www.lavasoft.de/support/download/After installing AAW, and before running the program.Please be sure to update the reference file following the instructions here:http://www.lavahelp.net/howto/updref/* Reboot into Safe Mode`: !!important!!?To get into Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.Reconfigure Ad-Aware for Full Scan:Launch the program, and click on the Gear at the top of the start screen.Click the 'Scanning' button.Under Drives, Folders and Files, select 'Scan within Archives'.Click 'Click here to select Drives + folders' and select your installed hard drives.Under Memory & Registry, select all options.Click the 'Advanced' button.Under 'Log-file detail level', select all options.Click the 'Tweaks' button.Under 'Scanning Engine', select the following:'Unload recognized processes during scanning.'Under 'Cleaning Engine', select the following:'Let Windows remove files in use after reboot.'Click on 'Proceed' to save these Preferences.Run the Ad-Aware scan and allow it to remove everything it finds.Reboot back to normal mode and post a new hijackthislog.

10 more replies
Relevance 32.39%

Hello! I am having trouble with my computer and have had little luck with other message boards, most recently Dell. This is new to me, and I am sure that I am not including all of the pertinent info, so any guidance would be appretiated ; )Last weekend I ran PestScan and found CWS. I tried to update Microsoft updates to no avail... generated the following error message:"Files that are required for windows to run properly have been replaced by unrecognized versions. To maintain system stability, windows must restore the original versions of these files.The network location from which the files should be copied, c:\\windows\servicepackfiles\i386/controls.man, is not available."Since then, I have downloaded all Windows updates (successfully, I hope); ran: PandaScan, PestPatrol/PestScan, CWshredder (in safe mode), SpyBot, Ad-aware (custom)... I also upgraded to ZoneAlarm Security Suite. Please help!!!!Here is my log...Logfile of HijackThis v1.98.0Scan saved at 12:34:50 AM, on 7/20/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\s... Read more

Answer:Help w/Hijacking pls

I really do not see much here, but lets clean it up a bit.Click on start, settings, control panel and double-click on add/remove programs. From with add/remove program uninstall the following if they exist:Viewpoint ManagerThen I want you to fix some of those entries. Please do the following:Please make sure that you can view all hidden files. Instructions on how to do this can be found here:How to see hidden files in WindowsRun Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix buttonR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)Reboot your computer to go back to normal mode and post a new log.

6 more replies
Relevance 32.39%
Question: Hijacking

Everytime I turn on my computer there is a new home page that took over my machine.It is called slotch.com.I can go to another search engine like Google or Yahoo,But Slotch is on when I turn on my computer .How can I get rid of this annoyance?
 

Answer:Hijacking

I fixed it ,I went to my tools menu and I deleted Slotch, and put my default webpage in .
 

1 more replies
Relevance 32.39%
Question: ie is hijacking me

help, every two weeks or so when i press the internet button on my keyboard or desktop link it loads up ie, instead of firefox like i set it up to do. i have gone so far as to block ie's access to the internet through my nortons firewall. intrestingly if i try opening ie it is blocked correctly, just every so often ie "sneaks in". spybot asks if i want to allow the change and i tell it no and remember this decision. haven't run anything like hijackthis yet, still just an annoyance, but it is starting to piss me off. it's a good reminder of how evil ie is. any ideas?
 

Answer:ie is hijacking me

What is the keyboard button programmed to do? Can you post screenshots of the software that came with it, showing what the button assignments are?

What is the desktop icon a shortcut to? Can you post a screenshot of the properties of the file?
 

1 more replies
Relevance 32.39%
Question: DNS hijacking

Hello,
 
I've been trying to figure out something on our office network for a week now. It began when I noticed that woot.com was very slow to load and saw that it was
hanging up waiting for www.google-analytics.com. 
 
I ran AdwCleaner and Malwarebytes but neither found anything.
 
Further digging revealed that the DNS address for www.google-analytics.com was being redirected to 82.163.143.98 which ends up in Israel going to
bezeqint.net. The TRACERT ends up failing going to it as does ping which returns nothing.
 
The DNS settings on the computers were unchanged as were the hosts files. The computers are on a domain, and they have the server listed as the first DNS provider and our router listed as the second. I was unable to find anything suspicious on the server, so I checked the router.
 
The router is a Linksys WRT1900AC. If I unplug the router and plug it back in, the problem goes away for about 24 hours then returns, which led me to suspect the router. I updated the firmware, but to no effect. 
 
I changed the DNS settings on the router to openDNS and removed the DNS entry to the router, but didn't fix it. 

If I do a ping from the router diagnostics, it works correctly at all times.
 
I still haven't ruled out an issue with our server though as I have one workstation that doesn't really get used so I removed it from the domain and changed the DNS settings to openDNS and that workstation seems unaffected while the... Read more

Answer:DNS hijacking

I'm having the same issue.  I also have a WRT1900AC.
 
I ran host -a www.gstatic.com and it was pointing to 82.163.143.98

more replies
Relevance 32.39%
Question: DNS hijacking

Hello,
 
I've been trying to figure out something on our office network for a week now. It began when I noticed that woot.com was very slow to load and saw that it was
hanging up waiting for www.google-analytics.com. 
 
I ran AdwCleaner and Malwarebytes but neither found anything.
 
Further digging revealed that the DNS address for www.google-analytics.com was being redirected to 82.163.143.98 which ends up in Israel going to
bezeqint.net. The TRACERT ends up failing going to it as does ping which returns nothing.
 
The DNS settings on the computers were unchanged as were the hosts files. The computers are on a domain, and they have the server listed as the first DNS provider and our router listed as the second. I was unable to find anything suspicious on the server, so I checked the router.
 
The router is a Linksys WRT1900AC. If I unplug the router and plug it back in, the problem goes away for about 24 hours then returns, which led me to suspect the router. I updated the firmware, but to no effect. 
 
I changed the DNS settings on the router to openDNS and removed the DNS entry to the router, but didn't fix it. 

If I do a ping from the router diagnostics, it works correctly at all times.
 
I still haven't ruled out an issue with our server though as I have one workstation that doesn't really get used so I removed it from the domain and changed the DNS settings to openDNS and that workstation seems unaffected while the... Read more

More replies
Relevance 32.39%

Ask.com infected my Mac. Every new tab came up with the blasted Ask search page instead of the Google favorites page I'd set up. It ignored my Firefox settings. I was going crazy.I remembered that this had started after I installed something called MyTransitGuide. I removed that via the add-ons page and Hey presto! No more g****m Ax page!!

Answer:How I kept Ask.com from hijacking every new tab on my Mac

This is one (free) useful "pest" remover for Mac:http://filehippo.com/mac/download_c...And this is the Mac version of an excellent windows app - malwarebytes:https://www.malwarebytes.org/antima...Wouldn't hurt to run the above utils regardless?Avoid Mackeeper like to plague; it has a reputation of creating havoc and allegedly is a pain to remove it (and it's side effects). As already advised... when installing "anything" from the web - use the manual/custom option; "never" the automatic option. And carefully look for and uncheck all those pre-checked boxes (which have been so "helpfully" checked for you). That way you will avoid "most" of the usual pests that are so kindly and freely offered "for your use, delectation and whatever"...There is another utility (windows only at present) which will also seek out and uncheck a lot of those nuisance boxes for you - "unchecky". But still wise to double check via manual/custom option regardless. JohnW down near the Antarctic mentioned it a while back as a useful tool in one's armoury Pity it's not available for Mac...

11 more replies
Relevance 32.39%
Question: DNS Hijacking

I have my DNS settings set to automatic but it keeps changing to a public dns server. No matter what I do it populates the box with this IP. I'm guessing this is some type of malware but I ran a scan and found nothing and yes my definitions are up to date. Any ideas?

Answer:DNS Hijacking

Try flushing the DNS cache and restoring MS's Hosts file:

Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

2 more replies
Relevance 32.39%

Hi Everyone,

First post here...

Running Windows 7 Enterprise 32 bit, fully updated.

I run ZoneAlarm, Spybot, Adaware, Spywareblaster, and CCleaner, as well as AVG.

I've been infected with:

1. Results5Google Hijacker
2. lfazib.exe (moved to virus vault by AVG)
3. lmk.exe
4. lml.exe

Can someone please help me get out of this mess?

THANK YOU in advance...much appreciated to the experts!

Maitai

Answer:Help With Hijacking, Please...

Also, I deleted Spybot because it was no longer working...now I can't install it at all

1 more replies
Relevance 32.39%

I can't not go to the McAfee web page no matter what I try. I have run all of the spyware programs including Ad-Aware, Spybot and Spyware doctor. When I try to go to McAfee.com my broser returns to my home page and performs a internet search for McAfee. The following is displayed quickly on the IE Address line: http://eimg.net/sw/win/5/2/rd601.htm...www.mcafee.com prior to being overwritten by: http://search.earthlink.net/search?a...www.mcafee.com.

I have included the log from Hijackthis.

Logfile of HijackThis v1.99.0
Scan saved at 9:48:29 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Atievxx.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
c:\progra~1\mcafee\MCAFEE~2\MssSrv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\... Read more

Answer:Help with a Hijacking

Hi and Welcome to TSF

I would be willing to bet your ISP carrier is at fault for installing all that garbage Earthlink crap. The first link you provided is a redirect from the "My Earthlink" site and then your redirected back to earthlink for a search.

So basically...Earthlink has hijacked your PC!

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running. Ad-Aware? SE Personal Edition
Spybot Search & Destroy
CWShredder

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Run hijackthis and fix these entrys...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/mo...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/mo...ton/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search

Let me know if that solved it. I would contact your ISP and see whats required for your internet access. Then remove all the extra Earthlink entrys..like the toolbar and such. If you... Read more

1 more replies
Relevance 32.39%

My ISP is PeoplePC, and up until now, I've had no problems. But when I started my pc this morning, the dial-up connection box was displayed.
It said connect to PeoplePC but the username was messed up and the domain name was wrong.
It said - ISP6#[username]@auntwillie.com

Here is the HJT Log...

Logfile of HijackThis v1.99.0
Scan saved at 9:13:57 AM, on 8/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\PeoplePC\ISP6130\Browser\Bartshel.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\PeoplePC\ISP61... Read more

Answer:Possible Hijacking?

Hi and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted by our Team. Click the "Thread Tools" button located in the original thread line and select "Subscribe to this Thread".

You are currently running an outdated version of HiJackThis. Please click on the link below to download the latest version:HiJackThis_sfx.exe
Delete your current HiJackThis.exe file
Double-click on the file you just downloaded.
Click on the "Unzip" button to install the newer version.
It will by default install to the directory - C:\Program Files\HiJackThis\
I require your next HJT log to be from this newer version

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Download LSPFix.exe

UNPLUG THE COMPUTER FROM THE INTERNET ONVE YOU HAVE FINISHED DOWNLOADING

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Uninstall the following programs, if present, using Control Panel->Add/Remove Programs: New Dot Net

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

CLOSE ALL OTHER PROGRAMS & ALL OPEN WINDOWS
Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/search

= = = = = = = = ... Read more

11 more replies
Relevance 32.39%
Question: help for hijacking

I have attached 3 of the 4 files as stated n the read file, the gmer application kept freezing so I could not get it.

Any help is appreciated

My browser keeps redirecting and I cannot access many antivirus websites or microsoft updates
 

More replies
Relevance 32.39%

Hello all,
I was wondering if i could get some help on my highjacking log. I already have CWShreder and spybot. Any help would be great, heres the log and thanks!!!
Logfile of HijackThis v1.97.7
Scan saved at 11:47:30 PM, on 5/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\temp\JO.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Desiree\Application Data\ttuh.exe
C:\WINDOWS\System32\wnsapitr.exe
C:\... Read more

Answer:Help with hijacking log please

Closing duplicate, please reply here:

http://forums.techguy.org/showthread.php?t=230046
 

1 more replies
Relevance 32.39%
Question: hijacking

Help! My E-mail has been hijacked! I am receiving about 500 messages a day saying that Mail messages I have sent are undeliverable. I wiould buy an anti virus/spam blocker program, but if I plunk down $40 for one, I want it too work. My ISP told me I can't be sure one of these programs will work, but they are my only hope. I downloaded the program you all suggested in above post. Here is the log. Can someone help me to suggesta good anti virus/spam blocker program or help through this log:

Logfile of HijackThis v1.98.2
Scan saved at 9:20:20 AM, on 11/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Microsoft Off... Read more

Answer:hijacking

Duplicate
all replies to
http://forums.techguy.org/t293459.html
 

1 more replies
Relevance 32.39%

Hello
As recommened by one of your senior members when I posted in a different forum I have ran Hijack this on my computer and I attach the log file. There doesn't seem to be anything untoward in there but i'm no expert.

Hope you can help.
thanks.

this is my original post:

" IE 6 prob security popup problem
Something seems to be wrong with my internet explorer prohibiting pages and files from running.
I cannot stop this message from occuring.....
" To help protect your security, Internet Exporer has restricted this file from showing active content that could access your computer."
More to the point, I close the popup and set it to allow it to run and the next time I open the same page or file it does it again. They do all eventually run in IE but it's extremely annoying to have to close that message every time. I've done all I know ( internet active x options enabled in the IE options, etc ) and it still posts the same message. It's driving me nuts.
Can anybody point me to a solution? ( i'm thinking something in the registry needs to be tweaked - but I haven't a clue what )
I'm running XP Pro SP2 and IE 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

thanks in advance.

digitalbot "


Hijackthis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:37, on 17/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processe... Read more

More replies
Relevance 32.39%
Question: hijacking

I have downloaded ad-aware 6.0, bhblaster, hijackthis as well as rbkilled, and spybot and they all have found hijacking software but it still keeps putting porn bookmarks on my faviorites. how do i fix this. thanks
 

Answer:hijacking

nickholtan

Welcome to TSG!

Please do this. Go here http://www.tomcoyote.org/hjt/ and download Hijack This. Un Zip it and click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

Do NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.
 

3 more replies
Relevance 32.39%
Question: IE Hijacking

Hijacking started last week: Using IE, I would do a Yahoo search for a topic; it would provide a list of links from which I would select one. But that site would not come up - I would be redirected to a completely different site (different every time). Doesn't do this if I either use Firefox or if on Yahoo I enter the desired URL manually (though for the latter it may go deeper on the link than I had typed). I've run Avast and Counterspy and found (and removed) other minor viruses - didn't fix this hijacking. HijackThis log attached.

Never been on this type of forum before, by the way.

Thanks
 

More replies
Relevance 32.39%

Hello,

I'm having problems configuring IE's (6.0) start page. I try to configure it to start with a blank page but it never saves the setting and always goes back to displaying MSN.com.

I'm pasting my Hijack This log. Is there anything else worth cleaning ?

Cheers!
Logfile of HijackThis v1.99.1
Scan saved at 19:28:11, on 28/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\ARQUIV~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Webroot\Spy Sweeper\SpySweeper.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de progr... Read more

More replies
Relevance 32.39%

Hello,
 
I noticed upon viewing the source of some websites the same code is in the source code of whatever page I'm viewing. I've checked quite a bit of pages to make sure it's not the website, and it's not. At the top of the page, the following code is displayed:

<script type="text/javascript" id="2f2a695a6afce2c2d833c706cd677a8e" src="http://d.lqw.me/xuiow/?g=14D55225-3866-41E2-141F-89A0CAC28320&s=8F71DB22-A8DF-4C0D-A26C-2142A9317F6A&z=1385446817"></script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Content-Script-Type" content="text/javascript">
<script type="text/javascript">
function getCookie(c_name) { // Local function for getting a cookie value
if (document.cookie.length > 0) {
c_start = document.cookie.indexOf(c_name + "=");
if (c_start!=-1) {
c_start=c_start + c_name.length + 1;
c_end=document.cookie.indexOf(";", c_start);

if (c_end==-1)
c_end = document.cookie.length;

return unescape(document.cookie.substring(c_start,c_end));
}
}
return "";
}
function setCookie(c_name, value, expiredays) { // Local function for setting a value of a cookie
var exdate = new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie = c_name + "=" + escape(value) + ((expiredays==null) ? "" : ";expires=" + exdate.toGMTString()) + ";path=/";
}
function getHostUri() {
var loc = docu... Read more

Answer:Possible Hijacking?

UPDATE: Fixed this, apparently something with "ScorpianSaver" was found in my Program Files and I had to use Unlocker to the kill the process. It deleted everything except "Adpeak.exe" was deleted then upon reboot by Unlocker, its been deleted. I attempted to go to the websites and it was fixed.

2 more replies
Relevance 32.39%

can anyone help me ? here is my logfile

Logfile of HijackThis v1.97.7
Scan saved at 9:43:50 PM, on 2/7/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\ECLJEM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\PACKAGER.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thesearchmall.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://thesearchmall.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,D... Read more

Answer:another hijacking - please help

10 more replies
Relevance 32.39%
Question: IE Hijacking

Hi to all I am trying to fix a friends computer. It had about 30 viruses and heaps of spyware on it when he asked for my help.
I have cleared all of the above but can not stop the hijacking of IE it keeps going to search miracle and when it does we seem to loose the internet although the connection is still alive.

He is running XP home and I have tried putting service pack 2 on but this has not helped, running AVG Free ver 7, adaware SE, Pest Patrol, and zonealarm to try to combat the problems, below is the Hijack this log file any help in fixing the problems would be greatly appreciated.

He did originally have Nortons Anti Virus on the system but it's not there any more I think he just deleted it as I have found that navprotect.exe is still being loaded, I have done a selected startup to try and shut down a few things at startup including navprotect but they seem to keep coming back!
any help in removing the traces of nortons would be good aswell please.
Logfile of HijackThis v1.99.0
Scan saved at 5:37:40 PM, on 2/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOW... Read more

Answer:IE Hijacking

8 more replies
Relevance 32.39%
Question: hijacking

I seem to have a hijack program in the computer. I have run adaware, spybot & cw shredder but it does not go away. I also have webroot - sp y sweeper. After I run it every 30 seconds or so it keeps popping up with these files mfclw32.exe, cruo.exe, & mfchd32.exe. I have to disable webroot to be able to use the computer. I also have Norton Security & have run that. I don't know much about computers, so I hope this is enough info for you to help me.
 

Answer:hijacking

Welcome to TSG kdouglas

Go to http://www.thespykiller.co.uk/downloads.htm and download 'Hijack This!'.

First make a folder on your computer in my documents called Hijackthis and then Unzip it to that folder.
Then doubleclick the Hijackthis.exe.

Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here
in a reply.
It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required,
so do NOT fix anything yet.

Someone here will be happy to help you analyze the results.
 

2 more replies
Relevance 32.39%
Question: Hijacking

I ran hijack this & this the results. If someone can please help me with my hijacking problem. Thank you.

ile of HijackThis v1.99.1
Scan saved at 10:43:02 AM, on 3/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\mfclw32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mfchd32.exe
C:\Program Files\hp center\137903\Shado... Read more

Answer:Hijacking

Bump for HJT Log expert.
While you are waiting do the following -
If you haven't already got them download, install and update the definitions of -
Adaware SE free version from - http://www.lavasoft.de/news/product/info/
Spybot S and D from http://www.security.kolla.de
SpywareBlaster from - http://www.javacoolsoftware.com/downloads.html
Microsoft Antispy beta from http://www.microsoft.com/downloads/...&displaylang=en
and also download
CWSshredder from - http://www.intermute.com/spysubtract/cwshredder_download.html
Turn off System Restore, Boot up in Safe Mode and run a scan with each of the downloaded programs.
Run a Hikackthis Scan and mark the following for deletion -
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lbmfr.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = re... Read more

1 more replies
Relevance 32.39%

Good Morning. I've got something weird going on with my computer and I'm scared it's being hijacked. The other night I found a couple web sites in the history that just came out of nowhere. The 2 sites were porn sites that looked like spam to me. I know I had never heard of these 2 sites and my wife said she had never seen them before. The crazy thing is, those were the only 2 sites that were listed in the "History". I ran Adaware and it detected 53 items, I also ran Mcafee Virus Scan and nothing was detected.

I do use a peer to peer program to share files, maybe that was the cause of my problem? I don't have a clue, I'm just thinking out loud.

Anyway, attached is a Hijackthis log I ran last night, I would greatly appreciate it if someone could take a look at it and see if there's anything weird on it. I want to clean my computer up and get this smut off of it. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:34:18 PM, on 9/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafe... Read more

Answer:Help - Possible Hijacking

Your Java is out of date, that's about all I see, Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

 

1 more replies
Relevance 32.39%
Question: Hijacking

I have windows xp. When I open internet explorer, about:blank becomes my homepage. When I try to change my home page on internet explorer to the page I want, then get out of the internet explorer and re-open it, the about:blank is back. Also, when I try a search engine such as google, another search engine, search to find.com pops up. Someone told me we've been hijacked.? Any help would be appreciated. Thanks
 

Answer:Hijacking

16 more replies
Relevance 32.39%

I've tried spybot, ad-aware and hikackthis. Everything keeps coming back.

Please help, here is the Hijackthis log.

Logfile of HijackThis v1.97.7
Scan saved at 2:01:42 PM, on 8/26/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\NOVELL\CLIENT32\NWRECMSG.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\NOVELL\CLIENT32\WM95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\IRXFER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DAEMON.EXE
C:\WINDOWS\SYSTEM\ATI2CWXX.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\CFGSAFE\AUTOCHK.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TP98TRAY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\THINKPAD\UTILITIES\TPHKMGR.EXE
C:\WINDOWS\SYSTEM\PRPCUI.EXE
C:\WINDOWS\SYSTEM\IBMBAYSN.EXE
C:\WINDOWS\SYSTEM\IBMBAY2M.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\DPMW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\DIT.EXE
C:\WINDOWS\DITEXP.EXE
C:\WINDOWS\TEMP\W0EP2.EXE
C:\PROGRAM FILES\WEB O... Read more

Answer:Help with Hijacking

Double Post
 

2 more replies
Relevance 32.39%
Question: possible hijacking

I have a HP Pavilion running Windows 8.1 64-bit system. I have AVG free version installed and I use C-Cleaner before and after each session. I also have run Malwarebytes and Emisoft anti-virus scanners at regular intervals which do not show up any infections.However, I believe I may have been hijacked. Downloads recently have become very slow or often 'hang' both with Firefox and Chrome. It does not appear to be the ISP. Occasionally I get a message about DNS server issues or 'connection was reset'. I also recently received a phishing email related to a financial account I access (I never do any online banking -- ever!)System Explorer shows my computer accessing a site related to w2.hackademix.net (60.229.50.166   69.195.158.198)www.robtex.net shows these addresses located in Kansas City MO United States.Since I am based in Australia I am concerned here.I may just be dealing with some DNS resolution issues on my computer. But a hijacking may have occurred.Can you help, please.Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

Answer:possible hijacking

And where is that, please....

6 more replies
Relevance 32.39%
Question: Hijacking Help

First time posting so be gentle please...
Any time that I try to update Symantec or AdAware or the like, I get a message saying that the program can not connect for updates. Any time I try to go to a website such as Panda Security or Trend Micro Housecall (or many others) I get a "google" search page with my destination website as the search subject. It looks legit, but when I click on a link it sends you to a completely different place or just says page could not be displayed. I disabled System Restore. I have run scans with Symantec, AdAware, and Windows Defender (all unupdated of course). Removed any trash found there. Tried to install Spybot and others, but failed due to blocked communication to websites like these. Windows firewall is off. I even tried safe mode...denied...I get a blue screen stating it couldn't find or load a video driver. Here is a Hijackthis file (one of very few things I could load directly). Please let me know what to try next. Thank you for your time and efforts in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:25 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C... Read more

Answer:Hijacking Help

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If you have trouble downloading the files below, download them to a USB drive on another computer, and transfer them to the desktop of the affected computer.

-----... Read more

18 more replies
Relevance 32.39%
Question: ad hijacking

I have noticed on one of my computers that the banner ads on some sites are being taken over by other ads.

I went to a school website, and their menu buttons for faculty, etc. all of a sudden turned into ads for a credit card!

Any ideas on what in the world is causing this? And what to do?

I ran spy bot, but still happens occasionally.
 

Answer:ad hijacking

8 more replies
Relevance 32.39%
Question: Hijacking this

Hey I just installed Spyware Blaster and Spyware Guard just the other day, and Spyguard keeps popping up with its warnings about this and that, but keeps showing up with the exact same problems over and oevr again. I searched with my HiJackthis to see the problem but not that experienced with reading it's logs, could anyone help me with this? thanks
 

Answer:Hijacking this

16 more replies
Relevance 32.39%

Hi,

I recently installed Verizon DSL onto my home PC. After functioning beautifully for a day or two, I seem to have become infected by some kind of virus. I am seemingly able to connect to my network (local area network interface says I'm connected, Verizon control panel says same), but when I try to access any webpages via IE, I'm given the "page is unavailable" error screen.

I ran AVG, which found 6 Padobot viruses and removed them, but the problem persists. I also ran McAffee's Stinger, which found nothing.

I have noticed that there is a registry key under IE called "QueenKarton", which sounds pretty suspicious.

Any suggestions?

Thanks.
 

Answer:Possible IE Hijacking?

16 more replies
Relevance 32.39%

Okay, just two days after reinstalling Windows, I got hijacked. Therefore, my HJT log is fairly short. I'm certain on most of what needs to be removed, but not sure about a couple.

Logfile of HijackThis v1.98.0
Scan saved at 8:54:38 AM, on 7/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\System32\CTHELPER.EXE
F:\Program Files\Common Files\CMEII\CMESys.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
F:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
F:\WINDOWS\System32\CTsvcCDA.exe
F:\Program Files\Common Files\GMT\GMT.exe
F:\WINDOWS\System32\MsPMSPSv.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Documents and Settings\Stoner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://F:\DOCUME~1\Stoner\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://F:\DOCUME~1\Stoner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://F:\DOCUME~1\Stoner\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://F:\DOCUME~1\Stoner\LOCALS~1\Temp... Read more

Answer:Help With Hijacking

Hi, and welcome to tsg - please post a "bump" here if you still have a problem with your PC
 

2 more replies
Relevance 32.39%
Question: another hijacking

hi there, my home page has been hijacked and ive tried to reset it but cannot! ive run adaware and search and destroy. please help. heres my
hijack this... thanks

Logfile of HijackThis v1.97.7
Scan saved at 6:43:09 PM, on 7/6/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\BHODEMON 2.0\BHODEMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://solar.directwebsearch.net/search.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://solar.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://solar.directwebsearch.net/search.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explore... Read more

Answer:another hijacking

11 more replies
Relevance 32.39%

Well it looks like I am not nearly the first with a hyjacker/spyware problem. From what searching I have done, it looks like I have a version of the coolwwwsearch. Here is my hijackthis log. To add a little background, I have been running spybot and hijackthis for about 6 months. I have uptodate versions of both. This attack just started yesterday. I have scanned with both, and as always the problems just keep coming back. I have also downloaded shredder and ad-aware se. Nither have fixed the problems. Well, thanks in advance for the help and let the games begin :)

Logfile of HijackThis v1.98.2
Scan saved at 12:09:44 AM, on 12/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDO... Read more

Answer:Yep more hijacking fun. Help please!

Hi
Make sure you have already run Adaware, Spybot S & D(check for updates) as these will do a preliminary clean first.Some files below may not be present after running the above programs.

Then....
Turn off your System Restore SEE HERE Reinstate it when your log is cleaned and then create a new restore point.Close your browser window and run hjt in safe mode... HOW TO RUN SAFE MODE and have "Hijack This" fix all the following items by placing a check in the appropriate boxes and selecting "fix checked".
Folders that have been highlighted RED in the log will need to be uninstalled.Check first as some folders maybe uninstalled via the Add/Remove program. Files highlighted in BLACK in the log will need to be removed from your hard drive. Make sure to have your system set to show hidden files and folders.. HOW TO SHOW FILES ..Please reboot and post a new log when finished...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - (no file)
O9 - Extra button:... Read more

19 more replies
Relevance 32.39%

Hi, this has been going on for a few days ANY help would be appreciated! I now can not open Mozilla, my MalwareBytes, or my control panel to add remove programs. It also wont let me open GMER, so here is yesterdays log. I thank you in advance.

Answer:This is Hijacking everything, 1 by 1

Hello and and Welcome to BleepingcomputerPlease note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have sinceresolved your issues I would appreciate if you would let me no so I can close this topic.Please download ComboFix from one of these locations:Link 1Link 2* IMPORTANT !!! Save ComboFix.exe to your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.When finished, it wi... Read more

2 more replies
Relevance 32.39%
Question: Possible Hijacking

Hello, my name is Lucas. I am running Windows XP on a home built computer. The computer has been running fine for five years, so I am sure it is not a problem resulting from faulty assemblage. I have noticed that when I use a search engine the links are redirected to other sites (the majority of the time to a site called shopolica) and I can no longer open Spybot S&D. Furthermore, whenever I type the phrase "spybot won't run" into either google or yahoo, the page with results will not load. I have tried reinstalling Spybot, but to no avail. I have run both Ad-aware SE and Symantec Antivirus, with Adaware displaying one malware program which I removed, and Symantec showing no infections. The problem has persisted despite removal of the adware program removed in Ad-aware SE.

I have attached the log file from hijackthis. If there is any other information I can provide for you please let me know. I look forward to your reply.
 

Answer:Possible Hijacking

I have recently run an updated Symantec scan and it found a virus called Packed.Generic.200, which it could not delete, clean, or quarantine. When I attempted to run the scan again in Safe mode, the virus was not found, and I have not been able to find it again with Symantec antivirus since last night. When I looked into the Spybot file folder I discovered that the programs executable file was missing, and everytime I tried to reinstall the program that file would disappear.

(Edit)
I have just finished another Symantec scan in Safe mode, in which I removed a windowsupdate.com trojan horse. Upon reentering normal mode, symantec automatically deleted two copies of the Packed.Generic.200 virus and Hacktool.Rootkit. I now have use of Spybot SD again and my search engine results are no longer being redirected. The problem may be resolved.
 

2 more replies
Relevance 32.39%
Question: possible hijacking

Ref -- Damien88
 

 CheckResults.txt   58.59KB
  8 downloads

 ESET.txt   4.16KB
  3 downloads

 TDSSKiller.3.1.0.9_24.04.2016_09.11.48_log.txt   758.01KB
  2 downloads

Answer:possible hijacking

Hello Damien88 and welcome to Bleeping Computer.
My name is Satchfan and I would be glad to help you with your computer problem.Please read the following guidelines which will help to make cleaning your machine easier:
please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
===================================================Note: Please follow these instructions in the order given.
 
===================================================Download and run AdwCleaner
Download AdwCleaner from here and save it to your desktop.
run AdwCleaner by clicking on Scan
when it has finished, leave everything that was found checked, (ticked), then click on Clean
if it asks to reboot, allow the reboot
on reboot a log will be produced; please at... Read more

12 more replies
Relevance 32.39%
Question: Another Hijacking

Win XP machine that was infected, still is? I have run most of the recommended softwares from similar posts already to shorten the help needed. Already did the ewido in safe mode too, hopefully haven't did too much already. Here is the Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:21:07 PM, on 12/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C... Read more

Answer:Another Hijacking

sorry forgot to attach the ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:36:34 AM, 12/6/2005
+ Report-Checksum: 97FEF7E4

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -> Spyware.E-booksystems : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} -> Spyware.E-booksystems : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Jim\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Recycled\NPROTECT\00001565.EXE -> Downloader.PurityScan.n : Cleaned with backup
D:\Humor\9coronas.exe -> Not-A-Virus.Joke.Stupen.c : Cleaned with backup
D:\Humor\finger.exe -> Not-A-Virus.BadJoke.Finger.b : Cleaned with backup
D:\Humor\cupholder.exe -> Trojan.CokeGift : Cleaned with backup
D:\Humor\Rumor.exe -> Not-A-Virus.Joke.Stupen.c : Cleaned with backup
D:\Humor\misc-humor.zip/FINGER.EXE -> Not-A-Virus.BadJoke.Finger.b : Cleaned with backup
D:\Humor\misc-humor.zip/Rumor.exe -> Not-A-Virus.Joke.Stupen.c : Cleaned with backup
::Report End
 

1 more replies
Relevance 32.39%

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:45:29 AM, on 21/07/2009Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16850)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Lavasoft\Ad-Aware\AAWService.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:&#... Read more

Answer:hijacking...HELP!!!

Hello and welcome to Bleeping Computer.My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I wouldbe grateful if you would note the following: Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
Copy and paste all logs requested in you reply, Do not attach them unless asked too.
If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
If I do not hear back from you within 5 days of my last post, then this topic will be closed.Please download Malwarebytes' Anti-Malware from HereNote: If you already have Malwarebytes' Anti-Malware, just update then run it.Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be p... Read more

2 more replies
Relevance 32.39%

Somehow I got a virus that hijacks my homepage and installs bookmarks & shortcuts to some virus protection site. I've run Microsoft anti-spyware & Search and Destroy to no avail, and I can't change my homepage back. I've got the AVG freeware as virus protection - now it appears I need more. My hijack this log is below, any help would be much appreciated:Logfile of HijackThis v1.99.1Scan saved at 8:46:38 PM, on 1/27/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Microsoft Hardware\Mouse\point32.exeC:\Program Files\Microsoft Hardware\Keyboard\type32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Microsoft Anti... Read more

Answer:Help With Hijacking?

Click here to download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.Click here to download ewido security suite - it is a trial version of the program.Install ewido security suiteWhen installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screenYou will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed. Do NOT run a scan yet. Exit the program.Click here to download Ad-Aware SE 1.06 and install' if you haven't already got it. Launch Ad-aware and click on "check for updates now" to make sure you have the latest reference file. Do NOT run a scan yet. Exit the program.Next reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive (where your operating system is installed). You will need that log later.... Read more

5 more replies
Relevance 32.39%
Question: Hijacking?

Having seen some members being accused of hijacking someone else's thread, I thought I would look up the ruling in the terms and conditions regarding the postings within PCA forums, I can find no reference to it hijacking. Is it an unwritten rule? Can anyone enlighten me please?

Answer:Hijacking?

It has always been considered bad etiquette to 'hijack a thread', Miros, but on any forum I've ever used, it's considered no more than that. Most hijackings on this forum are usually unintentional.

6 more replies
Relevance 32.39%

This time, I can't get rid of it. I checked my previous postings, and followed what I'd done then, but to no avail! CWShredder is cleanin the sucker out, but it's there again as soon as I fire up IE. It's also pretty clever: every time I try to download 'Hijack this',or any other tool, it jumps straight back to its searchpage. I managed to 'save target as..' a Spyware app., but on running it I got a message saying file corrupted by virus.Any help appreciated.

Answer:IE hijacking yet again!!

Name of search pasge or hijack item?G

10 more replies
Relevance 32.39%

Hello, first off I am very new to the whole Malware and Virus thing, and log files. But I do follow direction well.I have a Dell D610 running Windows XP service pack 3Problem: After booting up I get an error that says Services and Controller app encounters problem and needs to close.If I hit ok, then nothing works. If I drag it to the side then I can navigate in NORMAL MODE.Also, my DNS has been Hijacked and Adware scand find the issue but they come back after each delete.Need some better assitance.I am in Safe ModeHere is my HijackThis log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 19:13:38, on 12/7/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\My Downloads\Spyware tool\HijackThis\HijackThis.exeR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dllO2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA0... Read more

Answer:DNS Hijacking to 85.255, need help....

Anyone have aclue what I should Do??

4 more replies
Relevance 32.39%
Question: HIJACKING of IE7

I have a problem with IE7 being HIJACKED. I have run MALWARE, and ADWARE and cleaned what it forund but I am still having the same problem. I use a VPN to connect to work but have been unable to do so sinced this occured. Once logged on to the VPN I launch IE and should see my company internet. What I get is unable to find the page and a different page appears. If I try to put the IP address in it finds the company website. This is not a long term solution as my company changes the redirects often. Here is the HIJACK Log file:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:34:52 PM, on 1/4/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\system32\LEXPPS.EXEC:\Program Files\a-squared Free\a2service.exeC:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exeC:\Program Files\PrevxCSI\prevxcsi.exeC:&#... Read more

Answer:HIJACKING of IE7

Hello BIG__ED,Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.Thanks,tea

2 more replies
Relevance 32.39%
Question: Possible Hijacking

Here is a log file for Hi-Jack This. Can anyone tell me what I can get rid of? I appreciate your help. IE keeps going to http://www.safetyuptodate.net/ even when I change the home page. I am also getting a yellow yield sign with an exclamation point and a System Alert popup bubble.


Edit by chaslang: Inline HJT log removed. Cleaning steps not followed
 

Answer:Possible Hijacking

Welcome to Majorgeeks!

You need to run the below and then ATTACH (no logs should be posted inline) the smitfiles.txt log:

SpywareQuake & SpyFalcon Removal Procedure

If you still have problems after running the above, please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

1 more replies
Relevance 32.39%

Hi,I got a problem with a "refresh page" on 69.50.190.131. I did not find NOTHING with: Ad-Aware, SpyBot S&D, Webroot Spysweeper, Spyware Blaster, Microsoft Antispyware, PcCillin Online, A-squared. I tryied also in safe mode, scanning with Kaspersky Antivirus an Trojan remover but sometime the page is refreshed with 69.50.190.131. I'm coming crazy!!! Please, help me!!!This is my Hijackthis log:Logfile of HijackThis v1.99.1Scan saved at 21.18.47, on 22/04/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRAMMI\McAfee.com\PERSON~1\MpfTray.exeC:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exeC:\Programmi\Microsoft AntiSpyware\gcasServ.exeC:\Programmi\PopUp Killer\popupkiller.EXEC:\PROGRAMI\McAfee.com\PERSON~1\MpfAgent.exeC:\Programmi\Microsoft AntiSpyware\gcasDtServ.exeC:\... Read more

Answer:Hijacking On 69.50.190.131

Click here to download ewido anti-malware - it is a trial version of the program.Install ewido.When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".Launch ewido, there should be an icon on your desktop double-click it.The program will now go to the main screen.You will need to update ewido to the latest definition files.On the left hand side of the main screen click updateThen click on Start UpdateThe update will start and a progress bar will show the updates being installed. Then:Click on scannerClick on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).While the scan is in progress you will be prompted to clean files, click OKWhen it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.Once the scan has completed, there will be a button located on the bottom of the screen named Save reportClick Save report.Save the report .txt file to your desktop.Now close ewido.Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

2 more replies
Relevance 32.39%

Wow...it's like you cant visit any website anymore withoiut being attacked by some malicious thing.So I'm just browsing around, clicking links here and there, and I finally reach some website, which starts a download. I dont know what it is, and I cant stop it, so I just reboot.Okay, now I open up IE again (I do use Firefox, but at the time, I didn't realize I was using IE). I'm at some site with a lengthy message and links telling me how my internet information is being leaked, and possibly reasons why. It looked legitimate, but I dont know. Too bad that, because of the idiot I am, I can't access that page anymore.Anyways, I ran Hijack This, and I was wondering if anyone here knew what to make of this:Scan saved at 5:57:58 PM, on 5/5/2006Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32&#... Read more

Answer:Possible Hijacking?

Hi, Dwin.Their are several problems with your hijackthis log, one of which appears to be a wareout infection.Why is your system not updated at all? Do you have a valid copy of XP?It won't do much good to clean your sytem, unless you update it.You should try to update to SP1 as soon as we complete this first fix.Don't update to sp2 until your system is clean, malware can corrupt the sp2 install.Your hijackthis log is incomplete. The top part that states the hijackthis version is cut off.You appear to be using a very old version of hijackthis.Please download the latest version of Hijackthis by clicking here and use it to post your next log.You may want to print out these instructions for reference, since you will have to restart your computer during the fix.Please download FixWareout from one of these sites:http://downloads.subratam.org/Fixwareout.exehttp://www.bleepingcomputer.com/files/lonny/Fixwareout.exeSave it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.If you have problems connecting to the internet after running the fix, try these steps.Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connect... Read more

2 more replies
Relevance 32.39%
Question: FVP Hijacking

Hi,

My daughter`s computer is incredibly slow and the browsers were hijacked by something which call itself as ~FVP~.

I attached DDS logs.

More replies
Relevance 32.39%

I have been cleaning up my dad's system but there are a couple of problems I can't get rid of. 1. Whenever I start the machine, the connection dialogue box comes up i.e something is trying to access the internet. 2. The homepage is constantly reset to either about:blank or click here whenever IE is running. I have run SpyBot S&D (found loads but now corrected), updated to IE6, and loaded all of the latest security updates for Win 98. Any ideas to help please?

Answer:Something is hijacking IE

Try CWShredder click here

4 more replies
Relevance 32.39%
Question: Possible Hijacking

I just did a fresh install of Vista Premium, I formatted the drives at least 5 times before I installedInstalled Apps: SUPERAntiSpyware, ZONE Alarm Firewall, Kaspersky Internet Security, Firefox 3.04 My internet connection keeps dropping repeadedly, my packets sent VS packets received differ vastlyI am using a Linksys 150N Router with wireless turned offI became weary when I tried to access my EBAY account & the page kept taking me to the login pageHIJACK This LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 6:13:47 PM, on 12/16/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16386)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Windows\WindowsMobile\wmdSync.exeC:\Windows\RtHDVCpl.exeC:\Program Files\Zone Labs\ZoneAlarm\zlclient.exeC:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\CheckPoint\ZAForceField\ForceField.exeC:\Program Files\CheckPoint\ZAForceField\ISWMGR.exeC:\Program Files\CheckPoint\ZAForceField\ISWMGR.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.ex... Read more

Answer:Possible Hijacking

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to di... Read more

2 more replies
Relevance 32.39%

My computer has malware on it that I can't get rid of. Homepage was hijacked, altrhough I seem to have resolved that (unless the problem is sleeping and wiating to re-attack). but I still have these 6 adware icons on my desktop (for gambling, dating, pharmacy, xxx, spyware and something invovling a man sleeping) that I can'tr get rid of.

I've done all of the steps in the "do first" section involving AdAWare, CCleaner, MS AntiSPy, MS Malicious Software, SpyBot, CWSHredder, Bitdefender, Panda Activescan, about:Buster and HSREmove. I've run HijackThis, but don't know if I'm supposed to attach that yet. Can you tell me what information I should try to post here - and also, whether JUST the Hijack this stuff needs to be sent as an attachment, or if ANY log should be attached (rather than posted inline).

Many thanks for your help.

Craig
 

Answer:Help with hijacking

Our Tutorial tells you which logs were need attached.

READ & RUN ME FIRST Before Asking for Support

Attach the BitDefender, Panda ActiveScan, and HijackThis logs as explain in teh above link.
 

12 more replies
Relevance 32.39%
Question: Hijacking

Guess I have been lucky. I just now have my first problem with one of the sites I go to regularly being hijacked. I just downloaded the AboutBuster program which I understand is supposed to fix the hijacking problem, but when I tried to access the site with the problem, the hijack is still in place. I get maye 2 or 3 seconds where I am looking at the site I want and wham it gets overrun with the hijack site. Bummer.
 

Answer:Hijacking

Hi rbmajec!
Welcome to Major Geeks!
Yeah! Bummer!

Please follow the instructions in the READ & RUN ME FIRST and do not overlook putting your computer into normal startup mode using msconfig. There are more detailed instructions about this in the thread. When you finish, please attach the requested logs. This may not be such a difficult problem to resolve.

Thanks.
abri
 

1 more replies
Relevance 32.39%

Windows XP, fully up to date with one of the Service Pack 2 RCs.

Okay, several days ago, I started to get AOL System Messages telling my that my account had signed on at another location. These were followed very shortly by auto-replies from various names which I had never heard of before.
The first thing I did was change my password.
No luck, it still happened. My thought at this point was that somehow something might be piggy backing onto my IM session - but I was using gaim, and it seemed unlikely that someone would specifically write an exploit for it. Nevertheless, I switched to the official AIM client, and things quieted down briefly before it started again.

I installed and ran Adaware, spybot, norton AV, AVG, and Hijack this. Some spyware was found, and subsequently removed - still, the hijacking of my AIM account persisted, over more password changes.

I haven't a clue what is causing this. The account itself was just suspended, likely due to warnings from people who were spammed by it. Before I call to get that fixed, I want to make sure that I can avoid it in the future.

Some notes:
1. It seemed like the account was logging in very briefly (4 seconds or so), sending a bunch of messages (I'd usually get 3 auto-replies per time it did this) and then logging out
2. It did this regardless of whether I left it logged in or not - I logged it out at a warning level of 35% - when I return the account was suspended.

I see two possibilities, ... Read more

Answer:Something is hijacking AIM

Hi, and Welcome to MG

Here's a pretty comprehensive thread dealing with this sort of thing:
http://forums.majorgeeks.com/showthread.php?t=35407

Give that a shot
 

2 more replies
Relevance 32.39%

My Homepage Won't Change

- I don't know what to do anymore... I've downloaded all the Spyware/Adware programs I could find, and they still don't seem to work. Even my "HijackThis" program won't delete all the viruses it finds, and my homepage continues to read "www.bestweblinks.com", each day seems to get worse. Every 10 seconds I get a random pop-up. I can't even go to "www.Yahoo.com" without it transferring me back to my homepage. No matter how many times I run a system scan, I always find the same viruses. Are the replicating themselves or something??? I downloaded Spy-Sweeper, HiJack This, Spy-Bot Search and Destroy, Browser Hijack Recover, CCleaner, Ad Aware, Stinger... WTF Is going on, what good are these programs if they don't even work? each time the same viruses keep returning, if not new ones. I don't know what to do.... Somone please help me.
 

Answer:Hijacking Help..... Please!!!!

Please follow standard cleanup procedures as given below:

- Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

Make sure you check version numbers and get all updates.

- Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps below:



Download HijackThis 1.99.1

Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

Run HijackThis and save your log file.

Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
 

1 more replies
Relevance 32.39%
Question: Hijacking help

hello
followed the rules for hijack this and i could really use some help....it would be greatly appriciated..constant pop ups and did a few virus scans and everything seems to be going to restore..please help
ren
 

Answer:Hijacking help

Welcome to Majorgeeks!

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
Make sure you check version numbers and get all updates.
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
Downloading, Installing, and Running HijackThis

When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
Bitdefender
Panda Scan
HijackThis

.
 

1 more replies
Relevance 32.39%

I have had a few problems on the pc these last few days, and I thank you all - Partic. VoG - for helping me out.Just tried to play my new, Kosher copy of Kings of Convenience CD on the pc, after playing a few mp3s. CD loads, the I get a message saying 'Certain files need to be updated before this cd will play', so I does, and it plays; but WinMP does nothing. I close it, and find this wee skin-form player playing the cd. Its says it is by Macrovision, and uses Microsoft products; also, in My Compter, the DVD/player drive shows a grren cross beside a blue-ish musical note.Have I been stiffed again, or what?

Answer:Hijacking, or what?

am sorry I cannot help but I just LOVE the way you put it:::)))am sure someone will help:)

10 more replies
Relevance 32.39%

windows professional by johnnyhi someone seems to be hi jacking my pc , they go into the start menu and properties and pulls wizard- files and settings transferred up while the whole screen goes crazy. it also tries to kick you out of watheva you doing, i've had the pc forrmatted twice and i run avg anti virus i don't how many times help please helpk

Answer:is someone hijacking my pc

After you format the drive are you using a copy of the windows CD to reload the machine? Or a real CD from Microsoft?

6 more replies
Relevance 32.39%
Question: Help For Hijacking

Okay let me say i have very limited experience dealing with this stuff. Here are the actions i have taken so far. PROBLEM : Softwarerefferal.com has taken over my computer putting a spyware removal program on my desktop. (How Ironic). Also, i am now getting a DOS type window that opens on start-up. I cant read everything it says other that it is cmd.exe and it isnt recognizing something, it closes pretty quickly and the computer starts normally. I also have the Trustedantivirus.com banner that wont stay gone.ACTIONS TAKEN: 1. After reading on here, i downloaded Combofix and ran it, it worked but the program keeps coming back.2. Downloaded, and paid for, NETCOM3 Cleaner. Cleaned some stuff but not the main problem3. Downloaded Adaware and ran scans until i got a clean one.4. Downloaded and ran Spybot, deleted files.5. Installed Zonealarm6. Scaned with housecall, Cleaned and installed a bunch of updates for XP SP-2 that it reccomended.7. Downloaded and ran Mcaffee stinger, it found no problems.8. Downloaded Hijackthis, I then changed the name of the exe file to, TrendHJT.exe. I read that some malware has learned to hide from hijackthis, at any rate, currently the highjacker i had is not there but i am afraid it will be back unless i do something.Below is the after action High-jackthis log file. If there is more i need to do, any help would be greatly appreciated.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 20:08, on 2007-12-09Platform: Windows XP SP2 (WinNT 5.0... Read more

Answer:Help For Hijacking

Hello jmgammill,Welcome to Bleeping Computer Please download SmitfraudFix (by S!Ri)Extract the content (a folder named SmitfraudFix) to your Desktop.Open the SmitfraudFix folder and double-click smitfraudfix.cmdSelect option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).Please copy/paste the content of that report into your next reply.Thanks,tea

18 more replies
Relevance 32.39%
Question: More Hijacking

Howdy. I see a lot of these from forum to forum, people asking for help on their Hijacker or Spyware problems. I too am having a problem, and rather try to use the advise given to other people, I figured I need to get some advice directed at my specific problem. I beleive I had the CoolWebSearch thingy, and Ad-Aware seems to have gotten rid of it, now Ad-Aware and SpyBot S&D are picking up altered Registry Keys, and they can't get rid of them... and it's causing my homepage to be the About:blank or something, and everytime I run Outlook, IE, AIM or sometimes even do a Search of my files, I get a pop up saying I have Spyware on my comp and a link that directs me to a place to fix it or something. Also Spybot S&D detects registry values changing every time I use any of the programs I mentioned. What should I do? o_o
 

Answer:More Hijacking

Hi go http://www.majorgeeks.com/download.php?det=3155

And download HJT and post back a log please,
 

1 more replies
Relevance 32.39%
Question: Hijacking

so i got my friend gave me his computer so i could try and fix it.i've ran Ad-Aware, Ewido Anti-Spyware, Spybot-Search and Destroy, Spyware Blaster, CCleaner, and ATF Cleaner each about 3 times now.i've deleted all of the things that have shown up and still my background is white. i assume it was hijacked and i cannot get it to show the background.please help.thanks in advance.Logfile of HijackThis v1.99.1Scan saved at 5:45:26 PM, on 11/14/2006Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\windows\system\hpsysdrv.exeC:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exeC:\Program Files\ewido anti-spyware 4.0\guard.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exeC:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exeC:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exeC:\WINDOWS\System32&#... Read more

Answer:Hijacking

Hello,Perform next please..Open notepad and copy and paste next present in the quotebox in it:regedit /e peek1.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies"regedit /e peek2.txt "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components"type peek1.txt >> look.txttype peek2.txt >> look.txtdel peek*.txtstart notepad look.txtSave this as look.bat , choose to save as *all files and place it on your desktop. It should look like this: Doubleclick on it and notepad should open.Copy and paste the contents of it in your next reply.(In case you are unsure how to create a bat file, take a look here with screenshots.)By the way, you say you deleted a lot of things - do you mean fixing before in Hijackthis? Because if you fix in Hijackthis, it won't show me anymore what may still be present or not.Do scans come up clean?

2 more replies
Relevance 31.98%

Now that I'm home for Christmas, I've been asked to fix up my dad's computer - he picked up a bunch of malware a few days ago. At this point, I've done what I can, but need some further expert advice.Symptoms are currently limited to some serious browser hijacking (when I click a Google result, it gets redirected to delv.com or something like it) in Firefox (normal and Portable Apps edition) and IE, an inability to run some AV programs, and a non-working safe mode.I've done the following at this point: Run HJT several times, and removed the obvious malware hits Installed and ran A-Squared AV and completed a deep scan Installed Spybot S&D Installed MBAMThere are the following complications: I can't reboot into safe mode: when I reboot and select it via F8, it gets to the point where I have a working mouse cursor and the label at the top telling me I'm in safe mode, but no icons show up, no taskbar/explorer shows up, and CTRL-ALT DEL doesn't have any impact. While Spybot S&D installed properly and the resident protection runs fine, updating it fails and running the actual S&D application (either from the system tray icon or the start menu) has no impact, and nothing runs Similar to Spybot S&D, MBAM installed properly, but when I try and run it from either the start menu or the desktop, nothing happensAny help would be appreciated!Here's the DDS log:DDS (Version 1.1.0) - NTFSx86 Run by David at 20:06:56.57 on 24/12/2008Internet Explorer: 6.0.2900.5512 Browse... Read more

Answer:Firefox & IE Hijacking, Among Others

Problem fixed (used ASquared, followed by executing Spybot via a scr file, followed by renaming MBAM to get it to run).

Feel free to delete this topic, and thanks for your help.

2 more replies
Relevance 31.98%

My daughter does a lot of internet searching with her computer and recently told me all her Google searches go to shopping sites. It is a HP Pavillion a1030n running XP.
here is the HJthis file

Please help, her grades depend on this computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:26 PM, on 11/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\igfxtray.exe
H:\WINDOWS\system32\hkcmd.exe
H:\WINDOWS\AGRSMMSG.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\WINDOWS\ALCMTR.EXE
C:\HP\KBD\KBD.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Kodak\printer\center\KodakSvc.exe
H:\Program Files\AIM6\aolsoftware.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Linksys Wireless-G PCI Adapter\WLService.exe
H:\Program Files\Linksys Wireless-G PCI Adapter\WMP54Gv4.exe
H:\Program Files\iPod\bin\iPodService.e... Read more

More replies
Relevance 31.98%

hi
a hour ago i was searching google.com/search?q=swcms and then go to link socialcmsbuzz.com/tag/swcms/.

a strange thing happened and it first go to something like 92.xx.xx.xx/contents.htm then it redirected to the normal site.

then i run spybot in safe mode, searched nothing found. i run hijack this and there is no suspicous program running.

i tried same cycle countless times but that page never shown up. what is this? can someone please help me?

Answer:what is this? hijacking or proxying?

please any help...

1 more replies
Relevance 31.98%
Question: Moratu's Hijacking

Hello, everyone. So glad to find a place to relate my problems. I have recently been hijacked. I am a WoW player, and my account recently was taken over and had all items removed. I ran Kaspersky after the fact, and I have found nothing so far. I assumed I was fine after this as I had deleted quite a bit of my hard drive, and started to play again, but sure enough they hacked in again. I switched my email so they wouldn't be able to retrieve my password anymore, but, needless to say, I am quite paranoid. This isn't just about WoW anymore, this is about my computer. I downloaded Hijack This! and here is my log. I truly hope someone can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:35 PM, on 12/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\... Read more

Answer:Moratu's Hijacking

I totally forgot to include I am on Windows Vista. I am pretty sure this will be shown in the log, but it helps to know what you are looking at in the first place.
 

2 more replies
Relevance 31.98%
Question: Browser hijacking

I posted this on another forum about a week ago without any luck, perhaps because of the holidays, perhaps because that is a smaller forum.Hey, I was hoping someone could help me out with my hijacked browser. This problem seems to have initially occured via IE, but is affecting Firefox as well. All search engine results are spam sites. It doesn't matter which engine. This happened a couple of weeks ago. I have tried restoring back to November first and I have run several antivirals etc., which you can tell from my hijack this logs.Here are the logs:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 4:50:05 PM, on 12/27/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\msdtc.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exeC: ... Read more

Answer:Browser hijacking

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results, click no to the Optional_ScanFollow the ... Read more

2 more replies
Relevance 31.98%

I think someone is hijacking my computer after finding several types of problems which need reinstall of operating system to repair. My sound card is fine but I get no sound, and all layers of sound are fine. My cursor will move by itself across the screen. I have gotten two viruses that downed my HDD with full protection in place.

I run windows Vista Ultimate.
I run AMD Sempron 2800+
On a Abit KV-85 Mobo

I am not sure how to get rid of the intrusion, but it would be nice to run my comp on its own again.
 

More replies
Relevance 31.98%

After a very long time without any apparent problems, a couple of issues have emerged on my computer:
1. Pop ups even when the Pop up blocker in on (in both Firefox and Explorer).
2. Being diverted to strange web sites which are only there for a few seconds and then the web site I was on comes back suddenly.
3. When I try to start Firefox, sometimes I am told that "Fire Fox is Already Running", and I have to Control/Alt./Delete to shut it and then it opens fine (but I DIDN'T have it open before!)
4. The system seems to be becoming progressively slower and slower.

I use McAfee to do scans to check for problems. I did a recent scan and nothing was detected.

Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:23 AM, on 11/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe... Read more

Answer:Pop up and Hijacking Problems

Please do not create multiple threads for the same problem.
Continue here: http://forums.techguy.org/malware-removal-hijackthis-logs/783292-ms-antispyware.html#post6365299
 

1 more replies
Relevance 31.98%

Hello

I suspect my computer system might be hijacked. My computer is very slow and I am unable to activate Norton protection (360) Please help me out as soon as possible.

thanks in advance

Ana
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:35 a.m., on 23/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\... Read more

More replies
Relevance 31.98%

here's my hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:34 AM, on 6/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\System Control Manager\MSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\System Control Manager\MGSysCtrl.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WIN... Read more

More replies
Relevance 31.98%

I am trying to go follow this link to an RESP forms web page and instead i am being taken to a genealogy website.

Here is the link:

http://myhaywood.com/Forms%20Compliance/RESP%20Account%20Document%20Package/RESP%20Withdrawal%20for%20Educational%20Purposes%20.pdf

Any help would be appreciated.

thanks
 

More replies
Relevance 31.98%
Question: btcar hijacking

Recently when I try to click on links in google it will send me to btcar.com. I've also tried opening Spybot S&D but that will not open either. I've tried downloading the newest version of Spybot but it comes up with an error message like "cannot access server" here's the hjt log

=============================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:38 PM, on 4/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files... Read more

Answer:btcar hijacking

bump
 

1 more replies
Relevance 31.98%

Hi,I've been having problems with spyware on my Vista. My internet explorer keeps popping open with numerous tabs loading rogue websites, which then just hang before loading completely. I have run Ad aware, Spy Doctor, AVG and Registry Mechanic to try and sort this out, but to no avail. I'm now trying the HijackThis solution, but have no clue towards interpreting the Log. Here it is, can anyone help? ---Logfile of Trend Micro HijackThis v2.0.2Scan saved at 00:46:41, on 15/02/2008Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.17052)Boot mode: NormalRunning processes:C:\Windows\System32\smss.exeC:\Windows\system32\csrss.exeC:\Windows\system32\wininit.exeC:\Windows\system32\csrss.exeC:\Windows\system32\services.exeC:\Windows\system32\lsass.exeC:\Windows\system32\lsm.exeC:\Windows\system32\winlogon.exeC:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\Ati2evxx.exeC:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exeC:\Windows\system32\SLsvc.exeC:\Windows\system32\svchost.exeC:\Program Files\Thomson\ST330\service\st330service.exeC:\Windows\system32�... Read more

Answer:Need Help With Spyware Hijacking Ie

Apologies for the delay in responding. The workload on this forum is intense, and sometimes it is not possible to respond to every inquiry.Please download Deckard's System Scanner (DSS)Save it to the DesktopClose all other windows before proceeding. Double-click on dss.exe and follow the prompts. If your firewall offers a warning, allow the program to runWhen finished, DSS opens two Notepad files: main.txt <- this one is maximized and extra.txt <-this one is minimized
(A copy of these files is also found in C:\Deckard\System Scanner)Please post the contents of main.txt and extra.txt in your reply.

1 more replies
Relevance 31.98%
Question: Browers Hijacking

I have been fighting random security warnings from programs I do not have and my browers keeps switching to whatever it wants to. I have run Spyhunter to determine what trojan I am dealing with and it removed some. I am also experiencing some key strokes while typing. I have McAfee and Spybot and I continue to have issues. Please help.Deckard's System Scanner v20071014.68Run by Kyle Ross on 2008-04-19 15:46:19Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --84: 2008-04-19 21:46:40 UTC - RP820 - Deckard's System Scanner Restore Point83: 2008-04-19 16:45:45 UTC - RP819 - After McAfee82: 2008-04-19 01:19:04 UTC - RP818 - Removed LiveUpdate Notice (Symantec Corporation)81: 2008-04-17 23:57:18 UTC - RP817 - After spyhunter80: 2008-04-17 16:10:41 UTC - RP816 - Restore Operation-- First Restore Point -- 1: 2008-04-16 08:37:19 UTC - RP737 - System CheckpointBacked up registry hives.Performed disk cleanup.Total Physical Memory: 510 MiB (512 MiB recommended).-- HijackThis (run as Kyle Ross.exe) -------------------------------------------Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:49:20 PM, on 4/19/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16640)Boot mode: NormalRunning processes:C:\WINDOWS\Syst... Read more

Answer:Browers Hijacking

Download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Please download ATF Cleaner by Atribune.This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button.NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program.For Technical Support, double-click the e-mail address located at the bottom of each menu.REBOOTNext downloa... Read more

5 more replies
Relevance 31.98%
Question: Hijacking problems

Hi there-
Awhile ago I had problems and you directed me to use ATF, so I did that again. You also said to run Superantispyware, which I had downloaded on to my computer. So, I tried to run it, and it kept saying there was an error and had to close. Then, I tried to download it again, and as soon as it would go to the download page, a "internet explorer cannot display the webpage" screen came up. So I am not only getting hijacked, but it is preventing me from using superantispyware!

I ran Hijackthis, and here is my logfile. Anything you can tell me to help me will be very appreciated! Thank you very much! (I am mostly having problems with google links taking me to someplace other than what the linksays.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:28 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\... Read more

More replies
Relevance 31.98%

I know I read something like this on this website at one time. Anyway, I just finished building
my current PC described in my profile. All of a sudden MSN.com is hijacking my homepage
address and I can't change it to myyahoo.com permanently. Each time I log onto the internet
using my I.E. 7.0, it arrives at MSN.com, but I set it in the I.E. tools/internet options/homepage address to www.myyahoo.com, and it still is set that way.

Can you please tell me how to Execute (as in kill) the MSN.com bandit ?

ttwotees

It's okay to e-mail me.
 

More replies
Relevance 31.98%

On my vista home laptop ( I'm on my desktop now), I have a bad problem. Spy Protector has taken over. When I try to use the internet, I get redirected to spam. I can not install ANY anti malware/spyware protection as this malware is stopping them half way causing a blue screen and rebooting the pc.

I have scanned with the only thing I can do Eset Smart Security ( I cant even update it.) and nothing found. What can I do to fix this please?
now when i was doing windows update i rebooted and came back on it goes to the account login screen and says: "Configuring Updates 3 of 3 - 0% Pleas Wait..."
after a while it says: "Shutting Down..." then it restarts and does the same thing. over and over.
when i go to safe mode samething . how can i fix this?
 

Answer:Spy Protector hijacking

NVM i just did a factory restore as this is a new laptop and ther was really no loss. thanks anyway.
 

3 more replies