Home > Question About > Question About Hijackthis Log And A "possible Browser Hijack Attempt"

Question About Hijackthis Log And A "possible Browser Hijack Attempt"

Location: : S-1-5-21-1547161642-113007714-839522115-1220\software\google\navclient\1.1\history Description : list of recently used search terms in the google toolbarMRU List Object Recognized! Type : RegData Data : "res://haxpp.dll/index.html#96676" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Start Page Data : "res://haxpp.dll/index.html#96676" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html Possible Browser Hijack Show Ignored Content As Seen On Welcome to Tech Support Guy! Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. have a peek at these guys

The HijackThis log looks good. All rights reserved. After disabling many startup items and scanning in safe mode, it seems as if I got rid of everything...except Aurora, which of course is installing the other stuff again. That's what the forums are here for.

OriginalFilename : MSOFFICE.EXE#:34 [soffice.exe] FilePath : C:\Program Files\OpenOffice.org1.1.4\program\ ProcessID : 2468 ThreadCreationTime : 9-8-2005 12:23:05 PM BasePriority IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dllO2 - BHO: Google Toolbar Notifier But I'm sorry to tell you the actions you've recommended can't be done right now.

Stay logged in Sign up now! I actually ran the scan with Ewido and TeaTimer on when Ad-Aware detected it. Type : RegData Data : "http://www.jethomepage.com/ie/" Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : "http://www.jethomepage.com/ie/" Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLjethomepage Possible Browser Hijack attempt All rights reserved.

Several functions may not work. OriginalFilename : wscntfy.exe#:27 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1420 ThreadCreationTime : 2006-08-22 오후 4:28:16 BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft Windows I have run Norton Antivirus, Spybot Search and Destroy, and Ad-Aware, and they haven't found anything that looks related to this. Similar Threads - Hijack File New Strange pop ups using chrome - hijack this file sdsurf, Apr 6, 2016, in forum: Virus & Other Malware Removal Replies: 1 Views: 368 sdsurf

Please post a brand new hijackthis log and I will advise you how to remove this infection. OriginalFilename : spoolsv.exe#:13 [igfxtray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1720 ThreadCreationTime : 2006-09-06 오후 6:01:02 BasePriority : Normal FileVersion : 3.0.0.4342 ProductVersion : 7.0.0.4342 ProductName : Intel Common User Interface CompanyName Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. Look for the following items and click in the checkbox in front of each item to select it:O2 - BHO: (no name) - {0D4C7057-EAD2-44C6-AD18-9092905F28F1} - (no file)Now close ALL open windows

Newer Than: Search this thread only Search this forum only Display results as threads Useful Searches Recent Posts More... Antispyware said it removed 30 some applications. Inside this folder, there will be a file called WinPFind.exe. Uncheck the box on the right that says 'Run at Windows Startup'3.

OT I do not respond to PM's requesting help. More about the author Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folder in bold if it still exists:C:\Program Files\Free Download Manager5. All rights reserved. All rights reserved.

OriginalFilename : WdfMgr.exe#:25 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1912 ThreadCreationTime : 2006-09-06 오후 6:01:15 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft« Windows« Operating System As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged Type : RegKey Data : Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\msbb NCase Object recognized! http://olivettipc.com/question-about/question-about-hijack-this.html OriginalFilename : spoolsv.exe#:13 [igfxtray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1728 ThreadCreationTime : 2006-08-22 오후 4:27:19 BasePriority : Normal FileVersion : 3.0.0.4342 ProductVersion : 7.0.0.4342 ProductName : Intel Common User Interface CompanyName

OriginalFilename : avgamsvr.EXE#:21 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 228 ThreadCreationTime : 2006-08-22 오후 4:27:26 BasePriority : Normal FileVersion : 7,1,0,349 ProductVersion : 7.1.0.349 ProductName : AVG 7.0 Anti-Virus System CompanyName OriginalFilename : wscntfy.exe#:27 [wuauclt.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 3792 ThreadCreationTime : 2006-09-06 오후 6:01:59 BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft Windows Loading...

Type : RegData Data : Rootkey : HKEY_CURRENT_USER Object : Software\Microsoft\MediaPlayer\Player\Settings Value : Client ID Data : Registry scan result : ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ New objects : 45 Objects found so far: 47

Type : RegKey Data : Rootkey : HKEY_CLASSES_ROOT Object : CLSID\{00000EF1-0786-4633-87C6-1AA7A44296DA} CometCursor Object recognized! Type : File Data : im64.dll Object : C:\WINDOWS\SYSTEM\ Created on : 3/3/04 1:24:39 AM Last accessed : 3/3/04 6:00:00 AM Last modified : 3/3/04 1:24:40 AM NCase Object recognized! Type : RegData Data : "http://www.jethomepage.com/ie/" Rootkey : HKEY_USERS Object : .Default\Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : "http://www.jethomepage.com/ie/" Possible browser hijack attempt : .Default\Software\Microsoft\Internet ExplorerSearchURLjethomepage Possible Browser Hijack attempt Object OriginalFilename : avgamsvr.EXE#:20 [avgupsvc.exe] FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\ ProcessID : 268 ThreadCreationTime : 2006-09-06 오후 6:01:08 BasePriority : Normal FileVersion : 7,1,0,349 ProductVersion : 7.1.0.349 ProductName : AVG 7.0 Anti-Virus System CompanyName

I notice from your log that you have running two different firewalls (Norton AntiVirus Firewall and ZoneAlarm) with Auto-protect enabled. Please re-enable javascript to access full functionality. Logged [email protected];<'S Moderator Hero Member Offline Date Registered:April 01, 2004, 11:07:09 AM Posts: 677 Trouble removing Aurora « Reply #4 on: September 07, 2005, 04:24:50 PM » secretagentbill,ok [email protected];<'S news flavallee, Mar 5, 2004 #3 Deanaw89 Thread Starter Joined: Mar 5, 2004 Messages: 9 Thanks for the link flavalee...

Back to top BC AdBot (Login to Remove) BleepingComputer.com Register to remove ads #2 OldTimer OldTimer Malware Expert Members 11,092 posts OFFLINE Gender:Male Location:North Carolina Local time:02:17 PM Posted OriginalFilename : svchost.exe#:11 [ccsetmgr.exe] FilePath : C:\Program Files\Common Files\Symantec Shared\ ProcessID : 1380 ThreadCreationTime : 9-8-2005 12:22:33 PM Forums DaniWeb IT Discussion Community Forums Join Log In Read Answer Ask Hardware and Software Programming Digital Media Community Center Home Forums Hardware and Software Forum Information Security Forum Possible Browser OriginalFilename : EXPLORER.EXE#:22 [wrsssdk.exe] FilePath : C:\Program Files\Webroot\Spy Sweeper\ ProcessID : 1564 ThreadCreationTime : 9-8-2005 12:22:44 PM

FileDescription : ewido anti-spyware guard InternalName : ewido anti-spywareguard LegalCopyright : Copyright ⓒ 2005 Anti-Malware Development a.s. OriginalFilename : svchost.exe#:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1172 ThreadCreationTime : 2006-08-22 오후 4:27:16 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft« Windows« Operating System All rights reserved. If given the choice, get rid of McAfee VirusScan.

What does ... OriginalFilename : guard.exe#:23 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 488 ThreadCreationTime : 2006-09-06 오후 6:01:09 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft« Windows« Operating System It looks like McAfee VirusScan and Grisoft AVG are both installed or have been installed in that computer. What the Bleep are you talking about?

Type : File Data : eZinstall.exe Category : Data Miner Site Changelog Community Forum Software by IP.Board Sign In Use Facebook Use Twitter Need an account?