954,249 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
7 Years Ago
0

///?%20 in address bar - can't get rid of it

Everytime I type in a url in the address bar it won't go to the page. It will have http:///?%20www.web page name. I'm unable to go to any webpage at all. I have ran ad aware, spybot S & D. Have searched all search engines. But no such thing on them. Can you help me? :rolleyes:

cajunsunshine
Newbie Poster
15 posts since Dec 2004
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 
7 Years Ago
0

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.



reply form cajunsunshine
Logfile of HijackThis v1.99.0
Scan saved at 6:48:29 PM, on 2/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files 2\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D2762E7-00C3-4608-AF1A-BD6D2F390804}: NameServer = 205.152.132.235 205.152.37.254

cajunsunshine
Newbie Poster
15 posts since Dec 2004
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

Remember to close all browser windows when scanning with hijackthis (you had IE and Mozilla open when you did that scan).

Do you have any idea what this is?
C:\Documents and Settings\Brian\Application Data\bf????.exe <---

I strongly suspect it's not good; if you're not sure, find it, right-click on it, go to Properties, and post all the info on it you can find.

Scan with HJT and have it fix the following entries:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.133
O15 - Trusted IP range: (HKLM)

Close all windows other then hijackthis before hitting the Fix button

Reboot into Safe Mode

Go to the indicated folder and delete the highlighted files:
C:\WINDOWS\System32\qnjtji.exe
C:\WINDOWS\System32\dktime.exe
C:\WINDOWS\System32\m?iexec.exe

Do a search for, and delete any instances found of:
videosd32.exe
scvhosting.exe

Reboot normally, close all browser windows, scan with HJT, and post a new log please.

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 
7 Years Ago
0

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.



THIS IS THE NEWEST HIJACK LOG. i CLOSED ALL WINDOWS THIS TIME, SORRY ABOUT THAT.

Also I found out about C://Documents and Settings/Brian/Application Data/bfcyoo.exe. It is iunder the registry key:
HKEY_CURRENT_USER/SOFTWARE/MICROSOFT/SEARCH ASSISTANT/ACMru/5603(name-000, type-REG_SZ, data,bfcyoo.exe, I did a search and was unable to find it anywhere else.


Logfile of HijackThis v1.99.0
Scan saved at 8:11:33 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\scvhosting.exe
C:\WINDOWS\System32\videosd32.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Documents and Settings\Brian\Application Data\bf????.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\qnjtji.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunOnce: [starter] scvhosting.exe
O4 - HKLM\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [DKTime] C:\WINDOWS\System32\dktime.exe
O4 - HKCU\..\Run: [Aorb] C:\Documents and Settings\Brian\Application Data\x????.exe
O4 - HKCU\..\Run: [Lptdibpi] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Ltho] C:\Documents and Settings\Brian\Application Data\bf????.exe
O4 - HKCU\..\RunOnce: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\RunOnce: [starter] scvhosting.exe
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: (HKLM)

:rolleyes:

cajunsunshine
Newbie Poster
15 posts since Dec 2004
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.



This is the very last hijack log I've done here at 9:30 pm. I didn't do it right in the last reply I made to you. Here it is -------

Logfile of HijackThis v1.99.0
Scan saved at 9:27:56 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:80
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - Global Startup: Instant Update Reminder.lnk = ?
O4 - Global Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O15 - Trusted Zone: *.mozilla.org

cajunsunshine
Newbie Poster
15 posts since Dec 2004
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

It sounds like your browser has been hijacked; get Hijackthis from here:

http://www.merijn.org/files/hijackthis_sfx.exe

Close all browser windows, scan with hijackthis, save the log, copy and paste it here in this thread.



11:19 PM Sunday night

Last Post Tonight--------Everything is back to normal. Thanks so much. Have a great evening. cajunsunshine.

cajunsunshine
Newbie Poster
15 posts since Dec 2004
Reputation Points: 10
Solved Threads: 0
 
7 Years Ago
0

Looks like you went ahead and fixed a few things on your own there :)

Looks good to me, let us know if you have any more problems

dlh6213
Posting Maven
Team Colleague
3,117 posts since Jul 2004
Reputation Points: 63
Solved Threads: 214
 
7 Years Ago
0

Run the PurityScan uninstaller also.

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
6 Years Ago
0

Try RemoveIT Pro to clean your computer, it has many popular malicious files in database.

http://www.incodesolutions.com/downloads/removeit_pro.exe

damjan_hr
Newbie Poster
1 post since Aug 2005
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed