browser hijack

Home Forums Contact

HijackThis Members

What the Tech? It's as easy as 1,2,3! ( Log In | Register )

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

Reply to this topic

Start new topic

browser hijack, opera and IE hijacked

padster999 View Member Profile	Dec 1 2006, 05:03 PM Post #1
New Member Group: New Member Posts: 1 Joined: 1-December 06 Member No.: 64,907 Operating System: xp	every time I log in google, BBC and barclays is redirected to a dodgy porn site. I have tried delting the host files from system32 etc. and I have also ran Spybot and adawre to no avail !! I have now ran hijack this and this is what the scan threw up. Logfile of HijackThis v1.97.7 Scan saved at 22:48:08, on 01/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\VdCap03C\StillMnt.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe C:\Program Files\Slim Multimedia Keyboard\OSD.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program Files\Easy SpyRemover\EasySpyRemover.exe C:\Documents and Settings\Patterson & Son\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = bpubl007.hgo.se:3128 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Popup Manager - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [StillMnt] WCamRmv.exe /StartStillMnt O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU" O4 - Startup: Speedtouch Connection.lnk = C:\Program Files\Thomson\SpeedTouch USB\stdialup.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM) O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 (HKLM) O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://rcmdemo.perfora.net/app/static/activex/msxml4.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.204.49.202/activex/AxisCamControl.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/...7609.5134027778 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0D806F5C-F347-41F7-90F9-F43B1333E2CD}: NameServer = 85.255.115.235,85.255.112.171 O17 - HKLM\System\CCS\Services\Tcpip\..\{57BB4ADA-4692-45EB-BCC2-3BEEBFF6FE53}: NameServer = 85.255.115.235 85.255.112.171 O17 - HKLM\System\CCS\Services\Tcpip\..\{6397A47B-E070-45C3-ADEA-7A95B29B0308}: NameServer = 85.255.115.235,85.255.112.171 O17 - HKLM\System\CCS\Services\Tcpip\..\{E8FA130E-AC29-4FD7-B4F6-D0352E052E99}: NameServer = 85.255.115.235,85.255.112.171 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.235 85.255.112.171 O17 - HKLM\System\CS1\Services\Tcpip\..\{0D806F5C-F347-41F7-90F9-F43B1333E2CD}: NameServer = 85.255.115.235,85.255.112.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.235 85.255.112.171 does anyone have any idea what I need to delte to sort my browsers out ???? I am a newbie and dont really understand all this thanks. Padtser

Start new topic

Replies (1 - 1)

LDTate View Member Profile	Dec 5 2006, 07:43 PM Post #2
Forum God Group: Root Admin Posts: 45,794 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Hello and Welcome to the Forum. Please delete any HijackThis Folders and Files you have now.Use Add/Remove Programs and remove HijackThis. What you have now is out dated. you can get a complete installer that installs HijackThis to C:\Program Files\HijackThis, making an entry in the start menu and also providing a desktop shortcut from http://www.thespykiller.co.uk/files/HJTsetup.exe . Click on the link and select Save, save it to your desktop and double click HJTsetup.exe. Open HijackThis and select: Do a system scan and save a log file. When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here plese use the [Add Reply] button below.

« Next Oldest · Infections Removal · Next Newest »

Reply to this topic

Start new topic

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Similar Topics

Similar Topics

Similar Topics

		Topic Title	Replies	Topic Starter	Views	Last Action
		Infections Removal Google redirects & spybot,hijack this problems 123» 7	99	arfon.jones	2,450	Yesterday, 04:21 PM Last post by: noahdfear
		Infections Removal [Closed] Vundo, Search Hijack, Safety Center and more probs	13	florinhelp	215	Yesterday, 07:30 AM Last post by: CatByte
		Infections Removal hijack this log. slow computer	1	crasher12	54	19th November 2009 - 06:53 PM Last post by: Dakeyras
		Infections Removal [Resolved] Malwarebytes Finds 2 hijack.windowsupdates files and cannot 123	35	azstokes	631	17th November 2009 - 01:31 PM Last post by: CatByte

Display Mode: Switch to: Standard · Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 21st November 2009 - 02:49 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.
Member site: Alliance of Security Analysis Professionals | UNITE Against Malware
Memory Forums | Auto Repair Forum
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy

Powered By IP.Board © 2009 IPS, Inc.