Browser Keeps Getting Hijacked

Discussion in 'Computer Support' started by Rosco, Mar 3, 2004.

  1. Rosco Guest

    Something keeps changing my homepage to http://yoursearch.cc . I have
    run Spybot Search & Destroy and Adware over and over. I even have
    Browser Hijack Blaster but something keeps changing it. Another
    problem is sometimes when I search for something (google is default)
    many of the links that come back with the search lead to
    http://search-biz.cc/se.php?qq="whatever im searching"
    IE.
    I searched Hiijackthis in google because I could not find it on my
    harddrive

    Two links that returned said the proper address in the description
    but when I clicked them I went to
    http://search-biz.cc/se.php?qq=hiijackthis


    Here is my HijackThis log

    Logfile of HijackThis v1.97.7
    Scan saved at 3:48:15 AM, on 3/3/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\MAINSERV.EXE
    C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
    C:\PROGRAM FILES\LEXMARKX84-X85\ACMONITOR_X84-X85.EXE
    C:\PROGRAM FILES\LEXMARKX84-X85\ACBTNMGR_X84-X85.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTRAY.EXE
    C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE
    C:\PROGRAM FILES\MACRO EXPRESS3\MACEXP.EXE
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\APCSYSTRAY.EXE
    C:\PROGRAM FILES\BROWSER HIJACK BLASTER\BHBLASTER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\XNEWS\XNEWS.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://www.google.com/ie_rsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.msn.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://
    my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://
    www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://
    www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://
    my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    =
    http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://
    www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    http://www.google.com/ie_rsearch.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    http://www.google.com/keyword/%s
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
    C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} -
    C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
    O2 - BHO: (no name) - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} -
    C:\PROGRA~1\MACROE~1\ICAPTURE.DLL
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-
    0090271D4F88} - C:\PROGRAM
    FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
    O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} -
    C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
    Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SPLASH
    SCREEN\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [Jet Detection] C:\Program
    Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor]
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
    O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager]
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
    O4 - HKLM\..\Run: [LexStart] Lexstart.exe
    O4 - HKLM\..\Run: [Zone Labs Client]
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    O4 - HKLM\..\RunServices: [APC_SERVICE] C:\Program Files\APC\APC
    PowerChute Personal Edition\mainserv.exe
    O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger
    Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\RunServices: [TrueVector]
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKCU\..\Run: [TaskTray] C:\Program
    Files\Creative\SBAudigy\Taskbar\CTLTray.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus!
    2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN
    MESSENGER\MSNMSGR.EXE" /background
    O4 - Startup: Run VNC Server.lnk = C:\Program
    Files\RealVNC\WinVNC\winvnc.exe
    O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute
    Personal Edition\Display.exe
    O4 - Startup: Macro Express 3.lnk = C:\PROGRA~1\MACROE~1\macexp.exe
    O8 - Extra context menu item: &Download with &DAP -
    C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP -
    C:\PROGRA~1\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program
    Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program
    Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100
    (HKLM)
    O9 - Extra 'Tools' menuitem: @C:\PROGRAM
    FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .ASP: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)
    - http://download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class)
    -
    http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dl
    l
     
    Rosco, Mar 3, 2004
    #1

  2. I don't see it but I've placed it on a specialised forum, see what they
    say.

    You could do with a bit of performance tuning once this is sorted.
     
    Jeroen Wijnands, Mar 3, 2004
    #2
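An added example, not part of any post in this thread: a short Python check that rejoins the wrapped R0/R1 lines of a HijackThis log like the one in post #1 and reports any start or search page value pointing at the two domains named there. The function names are hypothetical and the last sample entry is constructed; the other sample entries are copied from the posted log and produce no match.

```python
import re

# Domains named in post #1 as the unwanted destinations.
REPORTED = ("yoursearch.cc", "search-biz.cc")

# The first three entries are copied from the posted log, wrapped as posted;
# the last one is constructed to show what a hijacked value would look like.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://
my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
=
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://
www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://yoursearch.cc/constructed-example
"""

ENTRY_START = re.compile(r"^[RFNO]\d+ - ")  # "R0 - ", "O4 - ", ...

def r_entries(log):
    """Rejoin wrapped lines and return (code, key, value) for R-section entries."""
    joined = []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not joined:
            joined.append(line)
        else:
            joined[-1] += line  # URLs hold no spaces, so join without one
    out = []
    for entry in joined:
        m = re.match(r"^(R\d) - (.*?)=(.*)$", entry)
        if m:
            out.append((m.group(1), m.group(2).strip(), m.group(3).strip()))
    return out

def hosts(value):
    """All hosts in a value, including the target of a '*http://' redirect form."""
    return [h.lower() for h in re.findall(r"https?://([^/\s*]+)", value)]

def hijacked(log, reported=REPORTED):
    """R entries with a host equal to, or a subdomain of, a reported domain."""
    return [e for e in r_entries(log)
            if any(h == d or h.endswith("." + d)
                   for h in hosts(e[2]) for d in reported)]
```

Only the R section is handled here: O-section entries wrap file paths that contain spaces, so they cannot be rejoined the same way.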

  3. doS Guest

    http://www.majorgeeks.com/download4086.html

     
    doS, Mar 3, 2004
    #3
  4. °Mike° Guest

    It sounds like CoolWebSearch.

    CWShredder (CoolWebSearch remover)
    http://www.merijn.org/cwschronicles.html
    http://www.merijn.org/files/cwshredder.zip
    http://doxdesk.com/parasite/CoolWebSearch.html

    If merijn.org is out of action, you can get new update
    from one of the links below:
    http://makeashorterlink.com/?H24932667
    http://www.zerosrealm.com/downloads/CWShredder.zip
    http://www.lurkhere.com/~nicefiles/cwshred15.zip
    http://www.spywareinfo.com/downloads/tools/CWShredder.exe
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip



    <snip>
     
    °Mike°, Mar 4, 2004
    #4
  5. Rosco Guest

    Jeroen Wijnands cried out
    Yeah, I crammed too much on this PC; surprised it runs as well as it does
    for 400 MHz.
     
    Rosco, Mar 4, 2004
    #5
  6. Rosco Guest

    Thank you to everyone for your help on this. It seems that CWShredder
    has resolved my drama.
    Would anyone by chance know how or where this may have gotten into my
    system? I like to think I am pretty good at catching spyware, adware,
    popups, etc. I have a router, ZoneAlarm, Guard-IE, Browser Hijack
    Blaster, Spyware Blaster, Adware, and Spybot Search & Destroy. Browser
    Hijack Blaster seems to be the only thing picking up anything; all it
    picked up was home and search page changes.



    Jeroen Wijnands cried out
     
    Rosco, Mar 4, 2004
    #6
  7. Randy Bard Guest

    <snip>

    Internet Explorer is targeted by these things. May I suggest Mozilla
    Firebird as an alternative? You will not be bothered with all this junk
    and it is a much better browser anyway.
     
    Randy Bard, Mar 4, 2004
    #7
  8. °Mike° Guest

    If BHB seems to be catching everything, isn't it
    any wonder that the others don't seem to be?
    Think about it.....

    Also, read the links I gave.
     
    °Mike°, Mar 4, 2004
    #8
  9. doS Guest

    You're not as good as you thought...

     
    doS, Mar 4, 2004
    #9