30-May-2006, 05:10 PM
#1
domain names hijacked help! when i try to go to some pages i end up on a different page and my browser is adding a .com or .net etc... to the domain names i type in. here is a hijack this log...

Logfile of HijackThis v1.99.1
Scan saved at 5:06:25 PM, on 5/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
30-May-2006, 05:20 PM
#2
Download Hoster from here: www.funkytoad.com/download/hoster.zip

Run the program Hoster and press Restore Original Hosts, OK, and Exit Program.

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)

· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode: (Start tapping F8 at the first black screen after power up)

Run Ewido:

· Click on scanner.
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK.
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive.

This will take some time to run!

Boot to normal mode.

Post that log and a new HiJack log.
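Added example (not part of either post, and not code from Hoster or HijackThis): the "Restore Original Hosts" step above targets hosts-file entries, which override DNS and can pin a site name to an arbitrary address. This Python sketch audits hosts-file text, or HijackThis `O1 - Hosts:` lines, and lists every name pinned to a routable address plus any malformed entry; the function name `audit_hosts` and the sample lines (documentation addresses and example domains) are constructed for illustration.

```python
import ipaddress

O1_PREFIX = "O1 - Hosts:"  # HijackThis prefix for a hosts-file entry


def audit_hosts(text):
    """Audit hosts-file text (raw lines or HijackThis O1 lines).

    Returns (suspicious, malformed):
      suspicious: (ip, hostname) pairs pinning a name to a routable address
      malformed:  raw lines whose address does not parse or has no hostname
    """
    suspicious, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(O1_PREFIX):
            line = line[len(O1_PREFIX):].strip()
        line = line.split("#", 1)[0].strip()  # drop hosts-file comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(raw.strip())  # e.g. a truncated address
            continue
        if len(fields) < 2:
            malformed.append(raw.strip())  # address with no hostname
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # default or blocklist-style entry, not a redirect
        for name in fields[1:]:  # one line may map several names
            suspicious.append((str(addr), name.lower()))
    return suspicious, malformed


# Constructed sample: RFC 5737 documentation addresses and example domains.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
O1 - Hosts: 192.0.2.10 mail.example.com
198.51.100.7    shop.example.net www.shop.example.net   # two names, one line
O1 - Hosts: 203.0.113.
0.0.0.0         ads.example.org
"""

if __name__ == "__main__":
    bad, broken = audit_hosts(SAMPLE)
    for ip, name in bad:
        print(f"redirect: {name} -> {ip}")
    for entry in broken:
        print(f"malformed: {entry}")
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`; a clean result after the restore step is an empty `suspicious` list.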