I'm sorry...but with every security and tool application under the sun
(Norton, System Mechanic, Windows Defender, SpyBot) installed on your machine
and a HUGE HijackThis log file, I am not sure what you would consider
"hijacked". If your machine is slow, I would assume it has something to do
with all the services you have running...I mean even things like ATI Hotkey
poller...do you really use hotkeys to change your video settings?
"Buster" wrote:
> My browser has been hijacked and I've tried a number of things but finally
> ran hijackthis and got the following results:
> Logfile of HijackThis v1.99.1
> Scan saved at 7:32:55 PM, on 30/11/2006
> Platform: Windows XP SP2 (WinNT 5.01.2600)
> MSIE: Internet Explorer v7.00 (7.00.5730.0011)
>
> Running processes:
> C:\WINDOWS\System32\smss.exe
> C:\WINDOWS\system32\csrss.exe
> C:\WINDOWS\system32\winlogon.exe
> C:\WINDOWS\system32\services.exe
> C:\WINDOWS\system32\lsass.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Windows Defender\MsMpEng.exe
> C:\WINDOWS\System32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> C:\WINDOWS\system32\spoolsv.exe
> C:\WINDOWS\system32\Ati2evxx.exe
> C:\WINDOWS\Explorer.EXE
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> C:\WINDOWS\System32\GEARSec.exe
> C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
> C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
> C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
> C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
> C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
> C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
> C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> C:\WINDOWS\system32\wdfmgr.exe
> C:\WINDOWS\System32\alg.exe
> C:\WINDOWS\system32\ctfmon.exe
> C:\Program Files\Windows Defender\MSASCui.exe
> C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
> C:\Program Files\MSN Messenger\msnmsgr.exe
> C:\WINDOWS\system32\svchost.exe
> C:\Program Files\Internet Explorer\IEXPLORE.EXE
> C:\Program Files\Messenger\msmsgs.exe
> C:\PROGRA~1\WINZIP\winzip32.exe
> C:\Documents and Settings\Paul\Desktop\HijackThis.exe
>
> R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
> http://mail.yahoo.com/
> R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
> Internet Explorer
> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
> O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> O2 - BHO: Windows Live Sign-in Helper -
> {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
> Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> c:\program files\google\googletoolbar1.dll
> O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910}
> - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
> O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
> Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
> O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
> C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
> O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> files\google\googletoolbar1.dll
> O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
> C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
> O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
> Defender\MSASCui.exe" -hide
> O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> Shared\ccApp.exe"
> O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System
> Mechanic Professional 6\SystemGuardAlerter.exe"
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> Destroy\TeaTimer.exe
> O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic
> Professional 6\SMSystemAnalyzer.exe"
> O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
> /background
> O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> Diagnostic\xpnetdiag.exe (file missing)
> O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> C:\Program Files\Messenger\msmsgs.exe
> O9 - Extra 'Tools' menuitem: Windows Messenger -
> {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> O11 - Options group: [INTERNATIONAL] International*
> O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160571431437
> O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
> file://c:\WINDOWS\Downloaded Program Files\AcDcToday.ocx
> O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
> file://c:\WINDOWS\Downloaded Program Files\InstBanr.ocx
> O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) -
> O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
> file://c:\WINDOWS\Downloaded Program Files\InstFred.ocx
> O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
> file://c:\WINDOWS\Downloaded Program Files\AcPreview.ocx
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> NameServer = 85.255.113.122,85.255.112.169
> O17 -
> HKLM\System\CCS\Services\Tcpip\..\{F6D71632-B9B6-4FA3-891E-3E2AB0C499F2}:
> NameServer = 85.255.113.122,85.255.112.169
> O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> 85.255.112.169
> O17 -
> HKLM\System\CS1\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> NameServer = 85.255.113.122,85.255.112.169
> O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> 85.255.112.169
> O17 -
> HKLM\System\CS2\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> NameServer = 85.255.113.122,85.255.112.169
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> 85.255.112.169
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
> C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
> Files\Adobe Systems Shared\Service\Adobelmsvc.exe
> O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
> C:\WINDOWS\system32\Ati2evxx.exe
> O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
> Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
> O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
> C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
> O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
> C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
> O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> 32\IDriverT.exe
> O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program
> Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
> O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
> Files\iPod\bin\iPodService.exe
> O23 - Service: LiveUpdate - Symantec Corporation -
> C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
> O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
> Corporation - C:\Program Files\Norton SystemWorks\Norton
> AntiVirus\navapsvc.exe
> O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton
> SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
> O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
> Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
> AntiVirus\IWP\NPFMntor.exe
> O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
> Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
> O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
> SystemWorks\Norton AntiVirus\SAVScan.exe
> O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
> C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
> O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
> C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> O23 - Service: Speed Disk service - Symantec Corporation -
> C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
> O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
> Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
>
> I'm no expert so can anyone please make sense of this and tell me what to do?
> Thanks in advance
> Buster

Thanks for the comment. The machine is not slow, in fact it's very quick but
it is a top of the range dual processor with tons of RAM. It's just that the
browser has been hijacked and I can't do a restore to previous restore points.
No I don't need the video hot keys but how do I get rid of them?
Any further thoughts?
Thanks
Buster

Yes, there is a particular forum for posting HijackThis logs and this isn't it.
Besides, you didn't state what made you think your browser has been hijacked,
i.e. symptoms, errors, behaviour etc...
do a search for hijack this forums and the proper place to post your log.
"Buster" wrote:
> Thanks for the comment. The machine is not slow, in fact it's very quick but
> it is a top of the range dual processor with tons of RAM. It's just that the
> bronzer has been hijacked and I can't do a restore to previous restore points.
>
> No I don't need the video hot keys but how do I get rid of them?
>
> Any further thoughts?
> Thanks
> Buster
>
> "Buster" wrote:
>
> > My brouser has been hijacked and I've tried a number of things but finally
> > ran hijackthis and got the following results:
> > Logfile of HijackThis v1.99.1
> > Scan saved at 7:32:55 PM, on 30/11/2006
> > Platform: Windows XP SP2 (WinNT 5.01.2600)
> > MSIE: Internet Explorer v7.00 (7.00.5730.0011)
> >
> > Running processes:
> > C:\WINDOWS\System32\smss.exe
> > C:\WINDOWS\system32\csrss.exe
> > C:\WINDOWS\system32\winlogon.exe
> > C:\WINDOWS\system32\services.exe
> > C:\WINDOWS\system32\lsass.exe
> > C:\WINDOWS\system32\Ati2evxx.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\Program Files\Windows Defender\MsMpEng.exe
> > C:\WINDOWS\System32\svchost.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> > C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> > C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> > C:\WINDOWS\system32\spoolsv.exe
> > C:\WINDOWS\system32\Ati2evxx.exe
> > C:\WINDOWS\Explorer.EXE
> > C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> > C:\WINDOWS\System32\GEARSec.exe
> > C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
> > C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
> > C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
> > C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
> > C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
> > C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
> > C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> > C:\WINDOWS\system32\wdfmgr.exe
> > C:\WINDOWS\System32\alg.exe
> > C:\WINDOWS\system32\ctfmon.exe
> > C:\Program Files\Windows Defender\MSASCui.exe
> > C:\Program Files\Common Files\Symantec Shared\ccApp.exe
> > C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
> > C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> > C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
> > C:\Program Files\MSN Messenger\msnmsgr.exe
> > C:\WINDOWS\system32\svchost.exe
> > C:\Program Files\Internet Explorer\IEXPLORE.EXE
> > C:\Program Files\Messenger\msmsgs.exe
> > C:\PROGRA~1\WINZIP\winzip32.exe
> > C:\Documents and Settings\Paul\Desktop\HijackThis.exe
> >
> > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
> > http://mail.yahoo.com/
> > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft
> > Internet Explorer
> > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
> > C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
> > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
> > C:\PROGRA~1\SPYBOT~1\SDHelper.dll
> > O2 - BHO: Windows Live Sign-in Helper -
> > {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
> > Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> > O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
> > c:\program files\google\googletoolbar1.dll
> > O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910}
> > - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
> > O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
> > Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
> > O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
> > C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
> > O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
> > files\google\googletoolbar1.dll
> > O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
> > C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
> > O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows
> > Defender\MSASCui.exe" -hide
> > O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
> > Shared\ccApp.exe"
> > O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System
> > Mechanic Professional 6\SystemGuardAlerter.exe"
> > O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &
> > Destroy\TeaTimer.exe
> > O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic
> > Professional 6\SMSystemAnalyzer.exe"
> > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
> > O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe"
> > /background
> > O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
> > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
> > C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
> > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
> > %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
> > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
> > {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
> > Diagnostic\xpnetdiag.exe (file missing)
> > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
> > C:\Program Files\Messenger\msmsgs.exe
> > O9 - Extra 'Tools' menuitem: Windows Messenger -
> > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
> > O11 - Options group: [INTERNATIONAL] International*
> > O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
> > Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
> > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
> > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160571431437
> > O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) -
> > file://c:\WINDOWS\Downloaded Program Files\AcDcToday.ocx
> > O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) -
> > file://c:\WINDOWS\Downloaded Program Files\InstBanr.ocx
> > O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) -
> > O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) -
> > file://c:\WINDOWS\Downloaded Program Files\InstFred.ocx
> > O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) -
> > file://c:\WINDOWS\Downloaded Program Files\AcPreview.ocx
> > O17 -
> > HKLM\System\CCS\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> > NameServer = 85.255.113.122,85.255.112.169
> > O17 -
> > HKLM\System\CCS\Services\Tcpip\..\{F6D71632-B9B6-4FA3-891E-3E2AB0C499F2}:
> > NameServer = 85.255.113.122,85.255.112.169
> > O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> > 85.255.112.169
> > O17 -
> > HKLM\System\CS1\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> > NameServer = 85.255.113.122,85.255.112.169
> > O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> > 85.255.112.169
> > O17 -
> > HKLM\System\CS2\Services\Tcpip\..\{7F1AA1D6-8128-4360-A27C-132A3F1C804A}:
> > NameServer = 85.255.113.122,85.255.112.169
> > O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122
> > 85.255.112.169
> > O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
> > C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> > O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
> > C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
> > O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
> > O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common
> > Files\Adobe Systems Shared\Service\Adobelmsvc.exe
> > O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
> > C:\WINDOWS\system32\Ati2evxx.exe
> > O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program
> > Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
> > O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
> > C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
> > O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation -
> > C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
> > O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec
> > Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
> > O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation -
> > C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
> > O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
> > O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
> > Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel
> > 32\IDriverT.exe
> > O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program
> > Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
> > O23 - Service: iPodService - Apple Computer, Inc. - C:\Program
> > Files\iPod\bin\iPodService.exe
> > O23 - Service: LiveUpdate - Symantec Corporation -
> > C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
> > O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec
> > Corporation - C:\Program Files\Norton SystemWorks\Norton
> > AntiVirus\navapsvc.exe
> > O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton
> > SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
> > O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) -
> > Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton
> > AntiVirus\IWP\NPFMntor.exe
> > O23 - Service: Norton Unerase Protection (NProtectService) - Symantec
> > Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
> > O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton
> > SystemWorks\Norton AntiVirus\SAVScan.exe
> > O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation -
> > C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
> > O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
> > Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
> > O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
> > C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
> > O23 - Service: Speed Disk service - Symantec Corporation -
> > C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
> > O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
> > Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
> >
> > I'm no expert so can anyone please make sense of this and tell me what to do?
> > Thanks in advance
> > Buster
Thanks for that. Basically when I do a search and then click on a link, it
goes to a different page than requested. That's all really, although I don't
seem to be able to do a restore now either.
Cheers
Buster