
Browser Has Been Hijacked



#1 karenc31


Posted 18 March 2006 - 08:49 AM

Hi there

This is the second time my browser has been hijacked. The problem I experience is that when using Google I'm redirected to other pages. NIGHTMARE

The first time I fixed it by restoring my computer, but I have tried to do that and it just kept saying unable to restore. I have run Ad-Aware and Spybot numerous times, and I have removed critical objects, but as soon as I go back on to the internet again my searches are redirected.

I have read about HJT on the forums but I'm worried about using it, as I'm worried about deleting things I shouldn't, and I'm also not very good when it comes to computers.

Would appreciate some help, please can you keep it as simple as possible :thumbsup:

Thanks Canyon



#2 jgweed


Posted 18 March 2006 - 09:57 AM

It is wise to worry about deleting things that you shouldn't, since it could do serious harm to your computer.

You can submit a HJT log to our volunteer team of experts, who will use it to analyse your problem and then walk you through deleting the malware step by step. This way you do not have to worry about making a mistake.

Instructions for posting a log are here:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Help is on the way!

Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 karenc31


Posted 18 March 2006 - 08:13 PM

Hi there

Thanx for getting back to me so quickly. I hope you can help me get rid of this browser hijacker. I have followed the link you sent me and I have also installed a firewall now... really technical stuff for me :thumbsup:

Below are the Notepad results of HJT. I hope this is OK, as I'm not sure what I was doing, but I think that this is right.

Look forward to hearing from you

Many thanx Canyon (Karen)

Logfile of HijackThis v1.99.1
Scan saved at 01:01:21, on 19/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\dmbuf.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Karen Tait\Desktop\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {61C55C2A-14AD-4382-8239-48DD8BF6FA01} - C:\WINDOWS\System32\jpio.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {F6243730-FCF8-D554-D0EE-D30FA5964DC7} - C:\WINDOWS\System32\lszhcmu.dll (file missing)
O2 - BHO: (no name) - {F624374A-FCFE-A055-D0E6-D40FA7904DCD} - C:\WINDOWS\System32\lszhcmu.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NsaSBb] C:\WINDOWS\lwderf.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [bO#y-] C:\WINDOWS\lwderf.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [bO/G%)fNbC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\lwderf.exe
O4 - HKLM\..\Run: [zdablpu] c:\windows\system32\zdablpu.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [dmbuf.exe] C:\WINDOWS\System32\dmbuf.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [KY Control Settings] KYSVCCD.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [KY Control Settings] KYSVCCD.EXE
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKCU\..\Run: [Eoub] C:\Program Files\aemu\ucio.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{111BF597-95EB-4358-816B-5CCDD04A4144}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{816A3747-56BA-4EA9-A68C-A7536ADB945B}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5BA0824-1320-4957-967C-3A7FD370CE19}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{FAF753EC-AE5D-4D3F-8637-3E0107661FD4}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC45C3E-738E-4EFB-A69F-AB0ED7BC92A3}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CS1\Services\Tcpip\..\{111BF597-95EB-4358-816B-5CCDD04A4144}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CS2\Services\Tcpip\..\{111BF597-95EB-4358-816B-5CCDD04A4144}: NameServer = 85.255.113.131,85.255.112.123
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
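
Added example, not part of the original post or of HijackThis itself: a small Python parser for the log format shown above that groups entries by section code and pulls out two things a helper reviewing a search-redirect complaint would read first, the per-interface `NameServer` values in the O17 lines and every entry marked `(file missing)`. The sample lines are copied from the log above; the function names are this example's own.

```python
import re
from collections import defaultdict

# A few lines copied from the log in the post above, embedded so this runs offline.
SAMPLE = r"""
O2 - BHO: (no name) - {61C55C2A-14AD-4382-8239-48DD8BF6FA01} - C:\WINDOWS\System32\jpio.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{111BF597-95EB-4358-816B-5CCDD04A4144}: NameServer = 85.255.113.131,85.255.112.123
O17 - HKLM\System\CS1\Services\Tcpip\..\{111BF597-95EB-4358-816B-5CCDD04A4144}: NameServer = 85.255.113.131,85.255.112.123
O23 - Service: Smart Card Client (SCardClnt) - Unknown owner - C:\WINDOWS\System32\SCardClnt.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then the entry body
NAMESERVER = re.compile(r"\{([0-9A-Fa-f-]{36})\}: NameServer = (.+)$")

def parse(log):
    """Group entry lines by section code (F2, O2, O4, O17, ...); other lines are skipped."""
    sections = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return dict(sections)

def nameserver_overrides(sections):
    """Map each DNS server address in O17 to the interface GUIDs that carry it."""
    servers = defaultdict(set)
    for body in sections.get("O17", []):
        m = NAMESERVER.search(body)
        if m:
            for ip in m.group(2).split(","):
                servers[ip.strip()].add(m.group(1).upper())
    return {ip: sorted(guids) for ip, guids in servers.items()}

def missing_files(sections):
    """Return (section, entry) pairs whose target file HijackThis reported missing."""
    return [(code, body) for code, entries in sections.items()
            for body in entries if body.endswith("(file missing)")]

if __name__ == "__main__":
    parsed = parse(SAMPLE)
    for ip, guids in nameserver_overrides(parsed).items():
        print(f"DNS server {ip} is set on {len(guids)} interface(s)")
    for code, body in missing_files(parsed):
        print(f"{code} target missing: {body}")
```

The output is a reading aid only: the values it lists still have to be compared with the DNS servers the user's ISP or router actually hands out before anything is changed.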

#4 karenc31


Posted 19 March 2006 - 05:58 PM

Hi there

I have posted a copy of my HJT log. Am I supposed to post this to the specific topic for HJT?

Not sure !!!!!, :thumbsup:

Many thanx

Karen

Edited by karenc31, 19 March 2006 - 06:20 PM.


#5 acklan


Posted 19 March 2006 - 06:56 PM

Create a "New Topic" in the HJT forum, and post it there.
"2007 & 2008 Windows Shell/User Award"

#6 Herk


Posted 19 March 2006 - 07:02 PM

You should read this before posting.



