dfrance |
Crazed Collector
|
|
|
Reged: 09/22/03
|
Posts: 638
|
Loc: The Black
|
|
Send PM
|
|
|
OK, i give....how the phuq do I get rid of this browser hijacking?
#333796 - 10/25/14 10:24 PM
|
|
|
Tried every fix I could find online....ran Norton Power Eraser...removed unused or "new" plugins, removed search engine's and change/saved home page and IE and Firefox BOTH still boot with: http://www-search.info/?cid=4
How the hell do I get rid of this!?
|
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: dfrance]
#333797 - 10/25/14 10:30 PM
|
|
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: dfrance]
#333799 - 10/25/14 10:58 PM
|
|
|
|
Sune |
Connected
|
|
|
Reged: 09/21/03
|
Posts: 5648
|
Loc: Lagoa Santa, Brasil
|
|
Send PM
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: dfrance]
#333801 - 10/25/14 11:23 PM
|
|
|
> Tried every fix I could find online....ran Norton Power Eraser...removed unused or > "new" plugins, removed search engine's and change/saved home page and IE and Firefox > BOTH still boot with: > http://www-search.info/?cid=4 > > How the hell do I get rid of this!?
Search the Windows Registry for that address and remove all entries you find. That is to say, leave the entry blank.
S
|
|
|
Moose |
Don't make me assume my ultimate form!
|
|
|
Reged: 05/03/04
|
Posts: 1483
|
Loc: Outback, Australia
|
|
Send PM
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: Master O]
#333811 - 10/26/14 03:30 AM
|
|
|
> > Tried every fix I could find online....ran Norton Power Eraser...removed unused or > > "new" plugins, removed search engine's and change/saved home page and IE and > Firefox > > BOTH still boot with: > > http://www-search.info/?cid=4 > > > > How the hell do I get rid of this!? > > https://www.malwarebytes.org/chameleon/ > > You could also try various antimalware boot discs, such as: > > http://support.kaspersky.com/viruses/rescuedisk#downloads > > https://www.comodo.com/business-security/network-protection/rescue-disk.php > > Burn them respectively to DVD/CD/Blu-ray,etc or create bootable flash drives, boot > onto them, and try to remove the malware that way.
Yes, this is great advice. MalwareBytes is da man !
Once you've got a clean system, it would be a good idea to install Sandboxie (http://www.sandboxie.com/) and then run your browser in a Sandbox. Then if ever you get browser malware again, empty the sandbox and start with a clean slate.
I do all browsing and most other stuff sandboxed - either using Sandboxie, VirtualBox, or both (Sandboxie running inside a VirtualBox VM), but I'm super careful when it comes to security.
|
Moose
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: Robbbert]
#333814 - 10/26/14 04:58 AM
|
|
|
bro... stop using notepad. Notepad++ FTW.
|
Just broke my personal record for number of consecutive days without dying!
|
|
dfrance |
Crazed Collector
|
|
|
Reged: 09/22/03
|
Posts: 638
|
Loc: The Black
|
|
Send PM
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: Robbbert]
#333837 - 10/26/14 10:24 PM
|
|
|
Bah...still no luck (IE & FireFox affected)....trying HiJackThis now...here's the log:
Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 3:14:03 PM, on 10/26/2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.17344)
FIREFOX: 33.0 (x86 en-US) Boot mode: Normal
Running processes: C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Dave\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll O2 - BHO: EspressoBHO - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET) #2] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN438FW0RS05KC:NW" -scfn "HP Officejet Pro 8600 (NET) #2" -AutoStart 1 O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1CG1T31705KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [AOD] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe AutoTune (User 'Default user') O4 - Startup: BTGuard Updates.lnk = C:\BTGUARD\settings.exe O4 - Startup: Dropbox.lnk = Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe O9 - Extra 'Tools' menuitem: HP Smart Print 2.1 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://uhc.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\21.6.0.32\NAV.exe O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 17466 bytes
|
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: dfrance]
#333854 - 10/27/14 09:28 AM
|
|
|
You have so many *helper* programs on your system it will be time consuming to figure out what is causing your issues.
Look at your hosts file and make sure there is nothing fishy in there. If you need to fix or delete an entry, make sure it is not set as 'read only', and close/open it again after you change it to make sure the change sticks. (and make sure your editor doesn't add an extention to the file name. "hosts.txt" will do you no good. In fact, do yourself a favor and install Notepad++ right now, and always use that for editing any kind of text file).
Run Spybot Search and Destroy as an administrator, update it's definitions, and immunize your system. Scan your system with SB S&D Scan your system with SuperAntiSpyware Scan your system with Malwarebytes AntiMalware Run CCleaner
With HJT, 'fix' all of your R0 and R1 entries (delete them). If you use IE regularly, you'll have to set your home page and maybe search engine after that. I use google for both.
Check URLREDIR.DLL and GROOVEEX.DLL and make sure they are signed by Microsoft, or upload them to virus total. They are more than likely legit, but some malware is around that impersonates them. The impostors usually end up in system32 though...
NAV is crap. If you have the means, I recommend SEP (Symantec Endpoint Protection). SEP is a pain at times, but as far as protection, it is far superior. Same company, very different product. My 2 biggest issues are having to deal with exceptions and firewall rules. It's a huge challenge for the casual user, but I can say I haven't been affected by a virus or hijacking in many years and I often venture into the shadier parts of the interwebs...
|
Just broke my personal record for number of consecutive days without dying!
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: dfrance]
#333869 - 10/27/14 10:29 PM
|
|
|
I haven't had a lot of issues, but the couple that I've had I was able to clear up with RogueKiller.
|
|
|
dfrance |
Crazed Collector
|
|
|
Reged: 09/22/03
|
Posts: 638
|
Loc: The Black
|
|
Send PM
|
|
|
Problem solved - MANY thanks!
[Re: URherenow]
#333874 - 10/28/14 01:09 AM
|
|
|
This ended up cleaning both Firefox & IE at the same time: adwcleaner_4.001
from: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
> You have so many *helper* programs on your system it will be time consuming to figure > out what is causing your issues.
Any recommendations on which to uninstall would be great!
|
|
|
|
Re: Problem solved - MANY thanks!
[Re: dfrance]
#333875 - 10/28/14 02:07 AM
|
|
|
Look at the list you posted from HJT. Now ask yourself... which ones do you actually use regularly? I personally would get rid of a lot of the HP stuff. I think I mentioned this in my previous post, but do you use work documents that use sharepoint services? If not, I'd get rid of the msoffice entries as well. I find that the only BHO (browser Helper Object) worth having is the one you installed yourself because you needed/wanted to, not because it was bundled with something.
|
Just broke my personal record for number of consecutive days without dying!
|
|
|
Re: Problem solved - MANY thanks!
[Re: dfrance]
#333876 - 10/28/14 02:08 AM
|
|
|
|
Moose |
Don't make me assume my ultimate form!
|
|
|
Reged: 05/03/04
|
Posts: 1483
|
Loc: Outback, Australia
|
|
Send PM
|
|
|
Re: Problem solved - MANY thanks!
[Re: krick]
#333880 - 10/28/14 02:56 AM
|
|
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: URherenow]
#333970 - 10/29/14 08:37 PM
|
|
|
> bro... stop using notepad. Notepad++ FTW.
I still prefer Wordpad.
|
Scifi frauds. SF illuminates.
_________________
Culture General Contact Unit (Eccentric)
|
|
|
Re: OK, i give....how the phuq do I get rid of this browser hijacking?
[Re: Traso]
#333977 - 10/30/14 12:04 AM
|
|
|
What feature? Wordpad has absolutely nothing on Notepad++.
|
|
|