Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 28.11.2024 / 21:45
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > getting tired of my browser being hijacked
Show topics
 
Forums
Forums
Getting tired of my browser being hijacked
  Jump to:
 
Posted Message
johnusn
Suspended due to non-functional email address
_ 		26. July 2006 @ 13:49 _ Link to this message    Send private message to this user   
Have tried everything and can't stop my home page from changing:

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:28:03 PM, on 7/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\1147124820\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
D:\PROGRA~1\Trend Micro\Internet Security 2006\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
D:\PROGRA~1\Trend Micro\Internet Security 2006\Tmntsrv.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
D:\PROGRA~1\Trend Micro\Internet Security 2006\TmPfw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1147124820\ee\AOLSoftware.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
D:\PROGRA~1\Panicware\Pop-Up Stopper Basic\PSBasic.exe
D:\Program Files\America Online 9.0\waol.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1147124820\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCEvtHdlr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\Program Files\America Online 9.0\shellmon.exe
C:\program files\common files\aol\1147124820\ee\services\sscAntiSpywarePlugin\ver1_205_1_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
D:\PROGRA~1\Trend Micro\Internet Security 2006\tmproxy.exe
c:\program files\common files\aol\1147124820\ee\aolssc.exe
C:\WINNT\explorer.exe
D:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=2&site=pogop&lkey=Q3m...
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - D:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINNT\system32\rlmtcs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - D:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147124820\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1147124820\ee\services\sscFirewallPlugin\ver1_205_1_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [PopUpStopperBasic] "D:\PROGRA~1\Panicware\Pop-Up Stopper Basic\PSBasic.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/shared/mcgdmgr/en-us/1,0,0,20/McGDMgr.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - Unknown owner - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (file missing)
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1147124820\ee\services\sscFirewallPlugin\ver1_205_1_1\aolavupd.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\antivirus\mcshield.exe
O23 - Service: McAfee Personal firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - D:\PROGRA~1\Trend Micro\Internet Security 2006\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - D:\PROGRA~1\Trend Micro\Internet Security 2006\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - D:\PROGRA~1\Trend Micro\Internet Security 2006\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - D:\PROGRA~1\Trend Micro\Internet Security 2006\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Keeps going to Google...well at least the porn seems to have stopped
[ + quote]
thugs121
Member
_ 		26. July 2006 @ 17:38 _ Link to this message    Send private message to this user   
johnusn:

Download the following software:

Crap Cleaner: http://majorgeeks.com/download.php?det=4191

Ewido Anti-Spyware: http://www.ewido.net/en/download/

Java: http://java.com/en/download/windows_xpi.jsp

- You Java version is out of date and could be prone to vulnerabilities

After installing Crap Cleaner (CCleaner), run it and select Run Cleaner. Depending on how much stuff you've accumulated, it could be really fast or might take a few moments...

After installing (or perhaps during installation), update Ewido for the latest signatures. This program's shareware for 30 days, but it will become the limited, free version after 30 days. Don't worry, as the definition updates are free... We will do a scan later...

Open up Crap Cleaner, select Tools from the left side. Scroll down list and look for J2SE Runtime Environment 5.0 Update 6 (or something similar). After removal (if it prompts you to reboot the computer, go ahead and do so). If not, go ahead and install the udpated version of Java from the link above.

After all that, go ahead and boot into safe mode. Instructions here: http://www.pchell.com/support/safemode.shtml ...

After you have successfully booted into safe mode, run Hijack This (Perform a system scan only) and place a checkmark for the following entries:


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gophersearch.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gophersearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gophersearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home-pogop.jsp?sls=2&site=pogop&lkey=Q3m...

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gophersearch.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: ohb - {E8888041-B24A-4B0B-911B-12B018E43F21} - C:\WINNT\system32\rlmtcs.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)


After using Hijack This to remove those, run Ewido (Scanner --> Complete System Scan)

When Ewido detects something, it may prompt you for an action to do something. You can either Quarantine or Remove it. I would first quarantine it just to be sure.

After the scan has completes, post a new log using Hijack This and from Ewido...

[ + quote]






- Ideal way to deal with the MPAA~RIAA
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > getting tired of my browser being hijacked
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork