
Hijacked Browser by Trustedsurf....

  • This topic is locked
7 replies to this topic

#1 Dbm1967


  • Members
  • 4 posts
  • Local time:07:08 PM

Posted 07 October 2016 - 10:52 AM

Hi there....I hope someone can help with my problem...a few weeks ago I noticed my internet explorer kept on being redirected to TRUSTEDSURF .COM...

Ever since, my computer takes an age to boot up and internet explorer runs very slowly too.

Also many of my other programs won't open or take forever to load...

I just changed the target field on internet explorer to delete the TRUSTEDSURF parameter and this seemed to work - at least it opens faster now and the home page defaults to Google.

However I feel that what I've done has only masked the problem and I would really appreciate any help to clear the problem entirely.

I'm not overly computer savvy so please go gentle with me...



Attached File  Addition_07-10-2016 16.21.15.txt   67.53KB   3 downloads


Attached File  FRST_07-10-2016 16.21.15.txt   84.44KB   5 downloads


Many thanks Dave....




#2 nasdaq


  • Malware Response Team
  • 38,412 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:08 PM

Posted 08 October 2016 - 10:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2983028514-156204740-1369530754-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdV8PVghBEhhBd1taTA1CFwYOIQ0OABRBEQUQeVoMUltJEgcFIk0FA1ADB0VXfVBdFElXTwh0IVdcBEszVEdQNA==
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCdV8PVghBEhhBd1taTA1CFwYOIQ0OABRBEQUQeVoMUltJEgcFIk0FA1ADB0VXfVBdFElXTwh0IVdcBEszVEdQNA==
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2983028514-156204740-1369530754-1000 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2983028514-156204740-1369530754-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
Toolbar: HKLM - No Name - {41534932-2D56-3600-76A7-7A786E7484D7} -  No File
Toolbar: HKLM-x32 - No Name - {41534932-2D56-3600-76A7-7A786E7484D7} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\19.4.0\ViProtocol.dll [2016-04-17] (AVG Secure Search)
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\ => not found
FF HKU\S-1-5-21-2983028514-156204740-1369530754-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\19.4.0\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\\npapicomadapter.dll [No File]
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
CHR HomePage: Default -> search.mpc.am
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll => No File
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Family\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-02]
CHR Extension: (McAfee Security Scan+) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-26] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Skype Click to Call) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-06] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-22] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Norton Security Toolbar) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-04-29] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR HKU\S-1-5-21-2983028514-156204740-1369530754-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [begbnpffhnpedhocnobliippgejhjpfp] - C:\Users\Family\AppData\Roaming\Cool Mirage Ltd\gophotoit\\gophotoit.crx <not found>
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
Task: {7B7E574C-BF42-43D2-926D-3DDC9603A492} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E0A6E83E-5C7B-46EA-85F2-9B6681B681F0}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{E0A6E83E-5C7B-46EA-85F2-9B6681B681F0}.exe <==== ATTENTION
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1462266803&a=1024132&src=sh&uuid=148decf2-b170-4fb3-bf37-7ee72616ce91"
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1462266803&a=1024132&src=sh&uuid=148decf2-b170-4fb3-bf37-7ee72616ce91"
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA [470]
AlternateDataStreams: C:\ProgramData\Temp:11590865 [138]
AlternateDataStreams: C:\ProgramData\Temp:12258D63 [125]
AlternateDataStreams: C:\ProgramData\Temp:1A15E356 [494]
AlternateDataStreams: C:\ProgramData\Temp:1ECED34B [136]
AlternateDataStreams: C:\ProgramData\Temp:206470A5 [217]
AlternateDataStreams: C:\ProgramData\Temp:2163E78C [280]
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9 [478]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [270]
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D [500]
AlternateDataStreams: C:\ProgramData\Temp:491270B8 [215]
AlternateDataStreams: C:\ProgramData\Temp:4CA05B44 [217]
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B [210]
AlternateDataStreams: C:\ProgramData\Temp:69F562A6 [242]
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A [466]
AlternateDataStreams: C:\ProgramData\Temp:997DA6D7 [272]
AlternateDataStreams: C:\ProgramData\Temp:9FD757A9 [436]
AlternateDataStreams: C:\ProgramData\Temp:A02025CE [222]
AlternateDataStreams: C:\ProgramData\Temp:A3E39C6A [107]
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3 [128]
AlternateDataStreams: C:\ProgramData\Temp:ADEBE9CA [282]
AlternateDataStreams: C:\ProgramData\Temp:B0456F0C [231]
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004 [216]
AlternateDataStreams: C:\ProgramData\Temp:C0893153 [216]
AlternateDataStreams: C:\ProgramData\Temp:C22674B6 [105]
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2 [488]
AlternateDataStreams: C:\ProgramData\Temp:EA2D3047 [458]
AlternateDataStreams: C:\ProgramData\Temp:F2721624 [730]
AlternateDataStreams: C:\ProgramData\Temp:F84B8DB5 [170]

C:\Program Files\OutfoxTV
C:\Program Files (x86)\Viewpoint

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.

Be careful not to install malware posing as Java update!
Important read this blog.

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:

How to disable Java in your browsers

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Please post the Fixlog.txt and let me know if the problem persists.
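The fixlist above mixes several kinds of entry: browser shortcuts carrying a URL argument, Chrome extensions with a non-Google update URL, a scheduled task that runs from a TEMP folder, and leftovers whose file no longer exists. The following is an added example, not part of the original posts and not FRST's own code, that sorts such lines into those groups. The field layout is inferred from the lines shown in this thread, and the category names and the `triage` function are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: Chrome Web Store extensions update from this host.
WEBSTORE_UPDATE_HOST = "clients2.google.com"
URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"\]]+', re.I)  # also matches defanged hxxp

# Constructed sample: five lines taken from the fixlist in this thread.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1462266803&a=1024132&src=sh&uuid=148decf2-b170-4fb3-bf37-7ee72616ce91"
CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (GoPhotoIt Chrome Extension) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\begbnpffhnpedhocnobliippgejhjpfp [2014-02-02]
Task: {7B7E574C-BF42-43D2-926D-3DDC9603A492} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{E0A6E83E-5C7B-46EA-85F2-9B6681B681F0}.exe <==== ATTENTION
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
"""

def host(url):
    """Host name of a (possibly defanged) URL."""
    return urlsplit(url).hostname

def triage(log_text):
    """Return (category, subject, host) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split(":", 1)[0]
        url = URL_RE.search(line)
        if kind == "ShortcutWithArgument" and url:
            # A browser shortcut should not carry a URL as its argument.
            lnk = line.split(": ", 1)[1].split(" -> ")[0]
            findings.append(("shortcut-url-argument", lnk.rsplit("\\", 1)[-1], host(url.group())))
        elif kind == "CHR Extension" and "[UpdateUrl:" in line and url:
            # An extension that updates from anywhere but the store host.
            if host(url.group()) != WEBSTORE_UPDATE_HOST:
                name = re.search(r"\((.*?)\)", line).group(1)
                findings.append(("extension-foreign-update-url", name, host(url.group())))
        elif kind == "Task" and re.search(r"=> .*\\Windows\\TEMP\\", line, re.I):
            target = line.split(" => ")[1].split(" <")[0]
            findings.append(("task-runs-from-temp", target, None))
        elif re.search(r"=> No File|\[No File\]|not found", line, re.I):
            # Registry or profile entry whose file is gone: safe-to-clean leftover.
            findings.append(("orphaned-entry", kind, None))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```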

#3 Dbm1967

  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:08 PM

Posted 09 October 2016 - 07:43 AM

Hi Nasdaq..Thanks for your quick response, we have followed your instructions but when we get to the run FRST part we don't have a 'fix' option and we have an error message that says FRST cannot be found.


Many thanks Dave

#4 nasdaq


  • Malware Response Team
  • 38,412 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:08 PM

Posted 09 October 2016 - 09:40 AM

The Farbar program is located in this Desktop folder.
Running from C:\Users\Family\Desktop

The fix file must be named Fixlist.txt and located in the Desktop folder in bold above.

Post the Fixlog.txt if you can.

#5 Dbm1967

  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:08 PM

Posted 09 October 2016 - 11:47 AM

Hi Nasdaq..Hopefully this is what you need...Thanks Dave..


Attached File  Fixlog.txt   19.06KB   2 downloads


#6 nasdaq


  • Malware Response Team
  • 38,412 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:08 PM

Posted 10 October 2016 - 10:01 AM


How is the computer running now?

#7 Dbm1967

  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:08 PM

Posted 10 October 2016 - 10:36 AM

Hi Nasdaq everything seems to be working fine now fingers crossed....Thanks for all your help... :bounce: cheers Dave....

#8 nasdaq


  • Malware Response Team
  • 38,412 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:08 PM

Posted 10 October 2016 - 12:36 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
