Browser Hijacked


  • This topic is locked
3 replies to this topic

#1 bigcraig


Posted 12 October 2010 - 03:50 PM

Hello. I'm hoping you can help. I am having issues with accessing the internet. It takes about 3 attempts to access explorer and most websites and we get several random popup messages when surfing. I am also having issues with downloading any type of antivirus protection - it tells me there is no internet connection and will not let me install.

Also, I've completed every step in the preparation guide except for step 4. I don't have an "options" choice on my control panel screen.


Here is an example of the "cannot display the webpage message":

Internet Explorer cannot display the webpage

What you can try:
It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.

Retype the address.

Go back to the previous page.

Most likely causes:
•You are not connected to the Internet.
•The website is encountering problems.
•There might be a typing error in the address.

More information

This problem can be caused by a variety of issues, including:
•Internet connectivity has been lost.
•The website is temporarily unavailable.
•The Domain Name Server (DNS) is not reachable.
•The Domain Name Server (DNS) does not have a listing for the website's domain.
•If this is an HTTPS (secure) address, click tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
For offline users
You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds
Click the Favorites Center button, click Feeds, and then click the feed you want to view.
To view recently visited webpages (might not work on all pages)
Click Tools, and then click Work Offline.
Click the Favorites Center button, click History, and then click the page you want to view.



DDS (Ver_10-10-10.03) - NTFSx86
Run by HP_Administrator at 11:49:05.20 on Tue 10/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.274 [GMT -5:00]

AV: Trend Micro AntiVirus - Virus Protection *On-access scanning enabled* (Outdated) {9596F8E6-38C3-4C51-80B9-8C94D2E25B07}
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FileHippo.com\UpdateChecker.exe
C:\Program Files\UFDisk\UFDisk Format Tool\iFormat.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Windows\shell.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\dwm.exe
"C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\svchost.exe" i
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\4RU0O62W\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uWinlogon: Shell=explorer.exe,c:\documents and settings\hp_administrator\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\hp_adm~1\locals~1\temp\dwm.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\webhelper.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Fast Browser Search: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ShutterflyStudio] "c:\program files\shutterfly\studio\bin\SFlyStudio.exe" /trayonly
uRun: [vtttttaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [rqroonaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [jkhffgaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [tutrqnaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [bywtusaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [oponlkaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [nnmjjhaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [ddayyaaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [qommklaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [wvwussaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [cbyvvtaudio] "rundll32.exe" "hgfggd.dll",s
uRun: [vtusrqaudio] rundll32.exe "hgfggd.dll",s
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [fcbabcsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [nnkkjiaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [yabxwxsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [efdayaaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [gebayvsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [iihhiiaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [khghghsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [hgfgfgaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [opqrqpsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [wvwtroaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [effcyyaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [qomljjsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [yaxuussys] "rundll32.exe" "pmnnnm.dll",s
mRun: [geddbyaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [awwvvvsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [geedcdaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [jkjgedsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [vtutqraudio] "rundll32.exe" "hgfggd.dll",s
mRun: [ddbyxvaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [ljkklisys] "rundll32.exe" "pmnnnm.dll",s
mRun: [fccbawsys] "rundll32.exe" "pmnnnm.dll",s
mRun: [ursqnlaudio] "rundll32.exe" "hgfggd.dll",s
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
mRun: [rqpnonsys] rundll32.exe "pmnnnm.dll",s
mRun: [fcyyxxaudio] rundll32.exe "hgfggd.dll",s
mRun: [svchost] c:\documents and settings\hp_administrator\application data\microsoft\svchost.exe
dRun: [jkhhfcsys] rundll32.exe "pmnnnm.dll",s
dRun: [jkjgheaudio] rundll32.exe "hgfggd.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iformat.lnk - c:\program files\ufdisk\ufdisk format tool\iFormat.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
Trusted Zone: trymedia.com
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://mygmgw.gm.com/http://usabhemama06.mail.gm.com/iNotes6W.cab
DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158942859562
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1207755238_f3f8237a8760124258311e3891382f43&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://mygmgw.gm.com/http://usabhemama06.mail.gm.com/dwa8W.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 93.188.162.83,93.188.161.223
TCP: {E607380C-F493-4960-924E-CA85FD3CBFDE} = 93.188.162.83,93.188.161.223
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 pmnnnm.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-10-6 36368]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2007-10-6 3572592]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [2004-9-1 28080]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2006-11-4 10256]
S3 sysrest.sys;sysrest.sys;\??\c:\windows\system32\sysrest.sys --> c:\windows\system32\sysrest.sys [?]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-5-25 1119888]
S4 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\antivirus 2007\components\TmProxy.exe [2007-1-22 566872]

=============== Created Last 30 ================

2010-10-10 12:35:14 -------- d-----w- c:\program files\CCleaner
2010-10-10 12:28:07 -------- d-----w- c:\program files\FileHippo.com
2010-10-01 19:05:54 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\SMZADFEHS
2010-10-01 19:05:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\80b944
2010-09-26 16:58:33 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\vShare
2010-09-26 16:57:40 -------- d-----w- c:\program files\vShare
2010-09-26 03:00:35 101888 ---ha-w- c:\windows\system32\hgfggd.dll
2010-09-26 02:55:27 107520 ---ha-w- c:\windows\system32\pmnnnm.dll
2010-09-26 02:55:23 114176 ----a-w- c:\docume~1\hp_adm~1\applic~1\microsoft\windows\shell.exe
2010-09-26 02:55:22 96768 ----a-w- c:\docume~1\hp_adm~1\applic~1\microsoft\svchost.exe
2010-09-25 21:03:07 -------- d-----w- c:\program files\DsNET Corp
2010-09-25 19:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-09-25 19:00:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-09-25 19:00:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-09-25 18:31:47 -------- d-----w- c:\program files\Microsoft
2010-09-25 18:31:41 -------- d-----w- c:\program files\MSN Toolbar
2010-09-25 18:30:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-09-25 18:30:17 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\Azureus
2010-09-25 18:28:38 -------- d-----w- c:\program files\Bing Bar Installer
2010-09-24 22:45:22 -------- d-----w- c:\docume~1\hp_adm~1\applic~1\SopCast
2010-09-24 22:35:07 -------- d-----w- c:\program files\Sopcast_plugin
2010-09-19 15:42:00 -------- d-----w- c:\program files\Free_TV_Bar_c3
2010-09-19 15:42:00 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\Temp

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

============= FINISH: 11:51:05.85 ===============

Thanks,
Craig

Now I have lost my Internet connection completely and can't access my control panel. Why did this happen?

Craig

EDIT: Posts merged ~BP

Edited by Budapest, 12 October 2010 - 04:48 PM.



#2 bigcraig


Posted 13 October 2010 - 07:45 AM

I have an update on my PC.

When I power up my computer the following error pops up several times.

"Error loading hgfggd.dll

The specific module couldn't be found".

I'm also getting a message that says "Generic host process for Win32 services".

My other issue is I can't open anything and I don't have an Internet connection.

Any help would be greatly appreciated.



#3 bigcraig


Posted 14 October 2010 - 06:58 AM

I no longer need help, so please don't waste any time on this issue.

Thanks
Craig

#4 Budapest


Posted 14 October 2010 - 04:30 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



