Jump to content


Photo

Windows XP Browser Hijacked


  • This topic is locked This topic is locked
3 replies to this topic

#1 jaymonay

jaymonay

    Member

  • New Member
  • Pip
  • 1 posts

Posted 27 November 2009 - 03:36 PM

Here is the log file saved and created from the newest version of Hijack This. I have deleted all cookies, temporary files, ran spybot search and destroy, and maloware and removed all threats and spyware detected. I am lost and could use some help. Here is my log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:48 PM, on 11/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\WINDOWS\sYSteM32\SvchOst.eXE
I:\Program Files\MozyHome\mozybackup.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\ScanSoft\OmniPageSE\opware32.exe
I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
I:\Program Files\Canon\MyPrinter\BJMyPrt.exe
I:\Program Files\MozyHome\mozystat.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "I:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Omnipage] I:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] I:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Google Update] "I:\Documents and Settings\Joe Kearney\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Microsoft Office.lnk = I:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MozyHome Status.lnk = I:\Program Files\MozyHome\mozystat.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://I:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - I:\Program Files\PokerStars\PokerStarsUpdate.exe
O12 - Plugin for .spop: I:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - I:\Program Files\MozyHome\mozybackup.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3381 bytes

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 30 November 2009 - 04:05 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 30 November 2009 - 11:06 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost


Click on Fix Checked when finished and exit HijackThis.
Restart the computer normally.
===

RESTORE ORIGINAL HOSTS FILE - NOW VISTA COMPATIBLE.

Go to: http://www.funkytoad...w&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select
"Restore MS Hosts File".
Close the application.
=*=

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Include a fresh HijackThis log.

Let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,081 posts

Posted 14 December 2009 - 09:33 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button