 |  |  |  |  |  |  |  |
///?%20 in address bar - can't get rid of it
Thread Solved |
Everytime I type in a url in the address bar it won't go to the page. It will have http:///?%20www.web page name. I'm unable to go to any webpage at all. I have ran ad aware, spybot S & D. Have searched all search engines. But no such thing on them. Can you help me? :rolleyes:
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
•
•
Originally Posted by dlh6213
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
Logfile of HijackThis v1.99.0
Scan saved at 6:48:29 PM, on 2/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files 2\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2762E7-00C3-4608-AF1A-BD6D2F390804}: NameServer = 205.152.132.235 205.152.37.254
Remember to close all browser windows when scanning with hijackthis (you had IE and Mozilla open when you did that scan).
Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---
I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.
Scan with HJT and have it fix the following entries:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
Close all windows other then hijackthis before hitting the Fix button
Reboot into Safe Mode
Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe
Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe
Reboot normally, close all browser windows, scan with HJT, and post a new log please.
Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---
I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.
Scan with HJT and have it fix the following entries:
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
Close all windows other then hijackthis before hitting the Fix button
Reboot into Safe Mode
Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe
Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe
Reboot normally, close all browser windows, scan with HJT, and post a new log please.
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
•
•
•
•
Originally Posted by dlh6213
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
Also I found out about C://Documents and Settings/Brian/Application Data/bfcyoo.exe. It is iunder the registry key:
HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SEARCH ASSISTANT/ACMru/5603(name-000, type-REG_SZ, data,bfcyoo.exe, I did a search and was unable to find it anywhere else.
Logfile of HijackThis v1.99.0
Scan saved at 8:11:33 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: (HKLM)
:rolleyes:
•
•
•
•
Originally Posted by dlh6213
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
Logfile of HijackThis v1.99.0
Scan saved at 9:27:56 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
•
•
•
•
Originally Posted by dlh6213
It sounds like your browser has been hijacked; get Hijackthis from here:
http://www.merijn.org/files/hijackthis_sfx.exe
Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.
Last Post Tonight--------Everything is back to normal. Thanks so much. Have a great evening. cajunsunshine.
Looks like you went ahead and fixed a few things on your own there 
Looks good to me, let us know if you have any more problems
Looks good to me, let us know if you have any more problems
Links to help you help yourself :
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html
Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html
Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Try RemoveIT Pro to clean your computer, it has many popular malicious files in database.
http://www.incodesolutions.com/downl...moveit_pro.exe
http://www.incodesolutions.com/downl...moveit_pro.exe
 |
Similar Threads
- Internet Explorer address bar (Web Browsers)
- Taskbar Address Bar and Firefox (Windows NT / 2000 / XP)
- IE Address Bar hijacked by http://s5.th.msie.cc/ index.php (CWShredder.exe) (Viruses, Spyware and other Nasties)
- Outlook address bar (Web Browsers)
- IE 6.0 doesn't show address bar, pull-down menu and shortcut icons when opened (Web Browsers)
- IE 6.0 doesn't show address bar, pull-down menu & short-cut icons when opened (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: instant dialer need help to remove
- Next Thread: Inundated with urgent repair messages after reformating
Views: 6178 | Replies: 9
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus attack avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial conficker connect control cyber cybercrime ddos e-mafia education email europe exam exploit explorer fake fancheckvirus firefox gaming google gumblar halloween herss.exe hijack hosting ie8 internet kaspersky legal links mail malware mcafee messagelabs microsoft mobile nazi news obama onlinethreats paedophile parents patch pc phishing police policeprovirusmba-mblockedinternetaccess president pro problem redirect reliability report research risk rogueantivirus rootkit samhain sans school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system threat trojan unwanted update usa virus viruses vista volume war warning windows worm yahoo zero-day zeroday
