This self-help guide will allow you to remove the Bulldog-search.com Hijacker




What this program does:


Hijacks your browser and Internet search to Bulldog-search.com. Downloads other spyware/malware and installs them on your computer.


Tools Needed for this fix:

Related Tutorials:

Symptoms in a HijackThis Log specific to this hijacking:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:://www.buldog-search.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.buldog-search.com/
O4 - HKCU\..\Run: [Update] C:\WINDOWS\system32\mshtm.exe



Other Symptoms in a HijackThis Log that could be related to this hijacking:

O2 - BHO: (no name) - {3E8B6658-EC3F-2497-DD75-17550D857C45} - C:\WINDOWS\System32\maphfiiw.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [xghohin] C:\WINDOWS\xghohin.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\vmware\LOCALS~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [Heps] C:\Documents and Settings\vmware\Application Data\ttsc.exe
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http:://public.windupdates.com/get_file.php?bt=ie&p=573af8772d479674f757e99c0ae5a12233ff6e8485701e9af477939194d9b37b62b35362cae3ad71537888d0c704c9216eb9fca0:5e54bbaefd54752b21d780358bc5840b
O16 - DPF: {4CED8A06-396F-764F-4CA5-3EF37DD4B2B7} - http:://69.50.177.100/1/rdgUS1332.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http:://www.mt-download.com/MediaTicketsInstaller.cab
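
A saved HijackThis log can be checked against the entries above before any fixing is done. The script below is an added example, not part of the original guide or of HijackThis; it covers only the R0/R1, O2 and O4 entries, matches O4 items by file name alone (a triage hint, not a verdict), and its sample log and the names match_entry and scan are constructed for illustration.

```python
import re

# Indicators copied from the HijackThis entries listed in this guide.
HIJACK_DOMAIN = "buldog-search.com"
BHO_CLSIDS = {  # upper-cased so the comparison is case-insensitive
    "{3E8B6658-EC3F-2497-DD75-17550D857C45}",
    "{7B55BB05-0B4D-44FD-81A6-B136188F5DEB}",
    "{83DE62E0-5805-11D8-9B25-00E04C60FAF2}",
    "{F4E04583-354E-4076-BE7D-ED6A80FD66DA}",
}
RUN_FILES = {"mshtm.exe", "winadtools.exe", "webrebates0.exe", "salm.exe",
             "bargains.exe", "xghohin.exe"}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <detail>"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
EXE = re.compile(r'[^\\"\s\[\]]+\.exe', re.I)        # bare .exe file names

# Constructed sample: three lines from this guide plus two harmless ones.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.buldog-search.com/
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O2 - BHO: Example Helper - {00000000-1111-2222-3333-444444444444} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe /startup
"""

def match_entry(line):
    """Return a reason if the log line matches this guide, else None."""
    m = ENTRY.match(line)
    if not m:
        return None  # header, process list or blank line
    code, detail = m.groups()
    if code in ("R0", "R1") and HIJACK_DOMAIN in detail.lower():
        return "IE start/search page points at the hijacker domain"
    if code == "O2":
        c = CLSID.search(detail)
        if c and c.group(0).upper() in BHO_CLSIDS:
            return "BHO CLSID listed in this guide"
    if code == "O4":
        names = {n.lower() for n in EXE.findall(detail)}
        if names & RUN_FILES:
            return "autorun file name listed in this guide"
    return None

def scan(log_text):
    """Return (line, reason) for every matching line, in log order."""
    return [(ln.strip(), why) for ln in log_text.splitlines()
            if (why := match_entry(ln))]
```
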


 



Removal Instructions:
  1. Connect to the Internet and stay connected throughout this entire removal process.

  2. Download HijackThis from the above link and extract it to c:\hijackthis.

  3. Print out these instructions.

  4. Reboot your computer into Safe Mode. Instructions can be found at the link below:

    How to boot Windows into Safe Mode

  5. Close Internet Explorer and keep it closed throughout the entire removal process.

  6. Enter the control panel by clicking on the Start menu, then clicking on Run.

  7. Now type control in the Open field and press the OK button.

  8. Double-click on the Add/Remove Programs icon.

  9. Look for and uninstall the following entries if found in the Add/Remove Programs window. Do not reboot if prompted until all of the below programs are uninstalled.

    Active alert
    ISTsvc
    Internet Optimizer
    Search Extender
    Shopping Wizard
    Sidefind
    Slotchbar
    The Bullseye Network
    Uninstall 180searchassistant
    Webrebates
    Win AdTools


    It may prompt about whether or not you are sure you want to remove this program. Always read it carefully and choose the option that states you want to remove all components of this program.

  10. Navigate to the c:\hijackthis directory and double-click on HijackThis.

  11. When the program starts, double-click on the HijackThis icon and then click on the Scan button.

  12. Put a checkmark next to the following entries if they exist:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:://www.buldog-search.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:://www.buldog-search.com/
    O2 - BHO: (no name) - {3E8B6658-EC3F-2497-DD75-17550D857C45} - C:\WINDOWS\System32\maphfiiw.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O4 - HKCU\..\Run: [Update] C:\WINDOWS\system32\mshtm.exe
    O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [xghohin] C:\WINDOWS\xghohin.exe
    O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\vmware\LOCALS~1\Temp\djtopr1150.exe"
    O4 - HKCU\..\Run: [Heps] C:\Documents and Settings\vmware\Application Data\ttsc.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http:://public.windupdates.com/get_file.php?bt=ie&p=573af8772d479674f757e99c0ae5a12233ff6e8485701e9af477939194d9b37b62b35362cae3ad71537888d0c704c9216eb9fca0:5e54bbaefd54752b21d780358bc5840b
    O16 - DPF: {4CED8A06-396F-764F-4CA5-3EF37DD4B2B7} - http:://69.50.177.100/1/rdgUS1332.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http:://www.mt-download.com/MediaTicketsInstaller.cab
  13. Then click the Fix button.
  14. Exit HijackThis.
  15. Reboot your computer.
  16. Delete the following directories or files if they exist:

    C:\WINDOWS\system32\mshtm.exe
    C:\Program Files\Windows AdTools\
    C:\Program Files\Web_Rebates\
    c:\temp\salm.exe
    C:\Program Files\BullsEye Network\
    C:\WINDOWS\xghohin.exe
  17. Run two online virus scans:

    http://housecall.antivirus.com/
    http://www.pandasoftware.com/activescan/


Now your computer should no longer be infected with Bulldog-search.com hijacker. It may be possible that you still have some spyware or malware installed on your computer. If you feel this is the case, follow the instructions below to post a HijackThis log and someone will help you to remove the rest.

 

This is a self-help guide. Use at your own risk.



BleepingComputer.com cannot be held responsible for problems that may occur by using this information. If you would like help with any of these fixes, you can post a HijackThis log in our HijackThis Logs and Analysis forum.

If you have any questions about this self-help guide then please post those questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum and someone will help you.