|
| ||
| DEfault web page has been jacked by a passthrough My default web page (yahoo.ca or google.ca) has been jacked. No matter what I reset it or change my default page settings to this comes up in front of the default site I want. http://prosearching.com/passthrough/index.html...then my default site. In addition, I get a popup on the bottom of the page, that covers my task bar and remains on top unless you X it out popupbaropener.html. I have tried everything normal like Ad/Remove, reset my default page etc. but nothing seems to get rid of these two annoyances. Someone told me I may have to go to Run: regedit but I'm not sure what to do exactly. Can anyone help? PJB |
| ||
| Re: DEfault web page has been jacked by a passthrough Might i suggest Ad-Aware Download the latest version of Ad-Aware at http://download.com.com/3000-2144-10...age&tag=button After installing AAW, and before running the program, you NEED to FIRST update the reference file following these instructions. http://www.lavahelp.com/howto/updref/index.html Now do the following: - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine: check: "Unload recognized processes during scanning." - Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine: Check: "Let Windows remove files in use after reboot." Press "Scan Now" - Check option "Use Custom scanning options" - Check option "Activate In-Depth Scan" - Press "Select drives\folders to scan" - Select the active partition which is usually C: Now press "Next" to let Ad-aware scan your drives... It will find a number of "bad" files and registry keys. Right-click in that pane and choose "select all" Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK. Finally, close Ad-Aware, and reboot. That ought to get rid of most of your spyware. And after that, please do the following: Go to http://computercops.biz/downloads-file-328.html , and download Hijack This. Unzip to a folder other than your Desktop or the Temp folder, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that, save the log somewhere, and please show us its contents. Most of what it lists will be harmless or even required, so do NOT fix anything yet. I will be happy to help you analyze the results. |
| ||
| Re: DEfault web page has been jacked by a passthrough Harmless or Required?! I've run dozens of scans on dozens of PCs and have always remeoved everything I find and it's done nothing but good. |
| ||
| Re: DEfault web page has been jacked by a passthrough so you fix everything hijackthis finds !and nothing happens to your computer !:) |
| ||
| Re: DEfault web page has been jacked by a passthrough Caperjack, I did exactly as I was told. In fact I had already downloaded AAW, and wanted to know if you would still like to review the contents from what downloaded via your HijackThis suggestion? Quote:
|
| ||
| Re: DEfault web page has been jacked by a passthrough Once you run Adaware, reboot your computer (important) & post a fresh log after that. |
| ||
| Re: DEfault web page has been jacked by a passthrough Sure ,Was sitting here waiting for you response back from last mnt's post ,boy My ass is sore !!:) |
| ||
| Re: DEfault web page has been jacked by a passthrough Sorry for the delay, was cruising the Carribean ahhhhh. Not sure if I was to attach a file or paste in here so I pasted it. I'm now getting popups galore. Logfile of HijackThis v1.97.7 Scan saved at 6:17:09 PM, on 4/19/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\CREATIVE\SHAREDLL\CTNOTIFY.EXE C:\WINDOWS\RUNDLL32.EXE C:\PROGRAM FILES\CREATIVE\SHAREDLL\MEDIADET.EXE C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE C:\PROGRAM FILES\START RECT\SOFTWARETYPEBIKE.EXE C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAM FILES\SYSAI\SYSAI.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\WINDOWS\TEMP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL O2 - BHO: (no name) - {1B05B3D2-BDE9-C03C-5C7B-F7E815028DE3} - C:\PROGRAM FILES\FLAWLOCKS\UP UPLOAD.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: Yahoo! Canada Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_1_6_0.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: fiveshimcreative - {7F28CA30-AF55-2CBD-453C-425EB2291B33} - C:\PROGRAM FILES\FLAWLOCKS\UP UPLOAD.DLL O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE /run O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [Fordsign] C:\PROGRA~1\STARTR~1\SoftwareTypeBike.exe O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe" O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\ACSD.EXE" O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000 O9 - Extra button: Real.com (HKLM) O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Canada Companion) - http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} - https://webresponse.one.microsoft.co...veX/winrep.cab |
| ||
| Re: DEfault web page has been jacked by a passthrough give me a minute to look through the log. |
| ||
| Re: DEfault web page has been jacked by a passthrough Hi :D . Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder & not on the desktop). Close all (browser) windows & have HJT fix these entries by placing a check in the appropriate box= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://prosearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://prosearching.com/searchbar.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://prosearching.com/searchbar.html O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\PROGRAM FILES\SYSAI\APROPOSPLUGIN.DLL O4 - HKLM\..\Run: [Fordsign] C:\PROGRA~1\STARTR~1\SoftwareTypeBike.exe O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe" O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - Reboot into safe mode following the instructions here & navigate to & delete C:\PROGRAM FILES\SYSAI< this folder C:\PROGRA~1\STARTR~1< this folder c:\Program Files\AutoUpdate< this folder Uninstall P2P Networking as it's a useless addition to kazaa & is known to cause problems. Reboot normally after doing the above then post a fresh log plz. |
| All times are GMT -4. The time now is 5:24 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC