browser hijacked


  • This topic is locked
2 replies to this topic

#1 bonecold


  • Members
  • 1 posts

Posted 02 March 2009 - 02:56 PM

When clicking on a link or from the address bar, all links are redirected to random sites.
Yahoo and Google searches do not work.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2005 7:19:16 PM
System Uptime: 3/2/2009 1:59:15 PM (1 hours ago)

Motherboard: Dell Inc. | | 0C5668
Processor: Intel® Pentium® M processor 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 42.91 GiB free.
D: is CDROM (CDFS)
E: is FIXED (FAT32) - 466 GiB total, 292.341 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2B1C84E1374FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2B1C84E1374FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP780: 11/4/2008 7:05:11 PM - System Checkpoint
RP781: 11/5/2008 9:29:28 PM - System Checkpoint
RP782: 11/6/2008 10:03:42 PM - System Checkpoint
RP783: 11/10/2008 1:14:06 PM - System Checkpoint
RP784: 11/11/2008 10:16:47 PM - System Checkpoint
RP785: 11/13/2008 4:35:19 AM - System Checkpoint
RP786: 11/14/2008 11:33:46 AM - System Checkpoint
RP787: 11/20/2008 11:06:39 PM - System Checkpoint
RP788: 11/27/2008 10:22:57 AM - System Checkpoint
RP789: 11/28/2008 11:50:02 AM - System Checkpoint
RP790: 11/29/2008 9:29:49 PM - System Checkpoint
RP791: 12/1/2008 10:22:19 AM - System Checkpoint
RP792: 12/3/2008 12:49:08 PM - System Checkpoint
RP793: 12/8/2008 11:01:57 AM - System Checkpoint
RP794: 12/9/2008 7:34:06 PM - System Checkpoint
RP795: 12/10/2008 7:34:51 PM - System Checkpoint
RP796: 12/17/2008 12:47:34 PM - System Checkpoint
RP797: 12/18/2008 3:44:47 PM - System Checkpoint
RP798: 12/21/2008 10:03:14 PM - System Checkpoint
RP799: 12/22/2008 11:18:39 PM - System Checkpoint
RP800: 12/24/2008 4:09:29 PM - System Checkpoint
RP801: 12/25/2008 10:09:14 PM - System Checkpoint
RP802: 12/27/2008 12:14:39 PM - System Checkpoint
RP803: 12/30/2008 10:18:51 PM - System Checkpoint
RP804: 1/1/2009 9:52:47 PM - System Checkpoint
RP805: 1/6/2009 12:35:27 PM - System Checkpoint
RP806: 1/7/2009 2:18:35 PM - System Checkpoint
RP807: 1/8/2009 5:14:21 PM - System Checkpoint
RP808: 1/13/2009 5:15:01 PM - System Checkpoint
RP809: 1/15/2009 3:31:57 AM - System Checkpoint
RP810: 1/16/2009 3:11:27 PM - System Checkpoint
RP811: 1/19/2009 2:56:31 PM - System Checkpoint
RP812: 1/20/2009 3:12:18 PM - System Checkpoint
RP813: 1/22/2009 12:54:02 PM - System Checkpoint
RP814: 1/23/2009 3:15:08 PM - System Checkpoint
RP815: 1/25/2009 11:40:15 AM - System Checkpoint
RP816: 1/28/2009 11:32:48 PM - System Checkpoint
RP817: 1/30/2009 12:39:36 PM - System Checkpoint
RP818: 2/1/2009 11:32:39 PM - System Checkpoint
RP819: 2/9/2009 9:17:09 PM - System Checkpoint
RP820: 3/2/2009 1:50:25 PM - Avg8 Update

==== Installed Programs ======================

3DTexturePainter for Adobe Photoshop v1.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced SystemCare 3
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
Authentium Web Install Helper
AutoUpdate
AVG Free 8.0
AVI Movie Player
Azureus 3.0
Browser Hijack Recover(BHR) 3.0
Camtasia Studio 5
Chameleon Submitter
Conexant D110 MDC V.9x Modem
ContextTool
Deal Info
Dell System Restore
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Drug Wars
Duke Nukem - Manhattan Project
Hauppauge English Help Files and Resources
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV Source Selector
Hauppauge WinTV2000
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
ICM532
ICQ
ICQ6
Internet Explorer Default Page
InterVideo FilterSDK for Hauppauge
iPod for Windows 2006-03-23
Ipswitch WS_FTP Professional 2006
iTunes
J2SE Runtime Environment 5.0 Update 11
LimeWire 4.18.8
Logitech® Camera Driver
Macromedia Flash Player
Magic ISO Maker v5.4 (build 0237)
McAfee SecurityCenter
McAfee VirusScan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Office FrontPage 2003
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Modem Helper
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
My Way Search Assistant
Nero Media Player
Nero OEM
NeroVision Express 2
neroxml
Netflix Movie Viewer
NVIDIA Drivers
Online Manuals for WinTV (English)
PACE System Files
PartyPoker
PDF Settings
PKR
Poker Replayer
PokerStars
QuickSet
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sonic DLA
Sonic Encoders
Sonic RecordNow! Deluxe
Sonic Update Manager
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
Texas Calculatem 4 with "AutoRead"
The Sims Livin' Large
TVUPlayer 1.5.12
Ultra WinCleaner Utility Suite 2000
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
VCRedistSetup
WD Diagnostics
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format Runtime
Windows Media Player 10
Windows Movie Maker 2.0
Windows Registry Repair Pro
Windows XP Service Pack 3
WinImage
WinRAR archiver
WinZip
XviD & MP3 Codec Pack (remove only)
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/2/2009 1:48:10 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/2/2009 1:48:10 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/2/2009 1:48:10 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
3/2/2009 1:48:10 PM, error: Service Control Manager [7002] - The Tdlpt service depends on the Parallel arbitrator group and no member of this group started.
3/2/2009 1:13:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
3/2/2009 10:26:24 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/2/2009 1:48:10 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
3/2/2009 2:08:52 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
3/2/2009 2:10:16 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================



#2 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 16 March 2009 - 10:25 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 24 March 2009 - 06:50 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



