TechSpot

Please Help IE hijacked HJT file attached

By bmac33
Mar 14, 2007
  1. Please Help IE hijacked HJT file attached Spyware is redirecting links from search to other search engines, TIA!
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    well bmac33. this is my first suspect which should be removed. but first,would you make sure that hijack this is not in a temp folder. secondly go to THIS LOCATION and follow the instructions, after which post a fresh hjt.
     
  3. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Backgrounds/Constitution.htm

    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab

    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than the above, your HJT log is clean.

    However, it appears you`re running more than one firewall programme. This is not recommended and can cause serious conflicts. Uninstall one of your software firewall programmes.

    Then, let us know is you`re still having problems.

    Regards Howard :wave: :wave:

    This thread is for the use of bmac33 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  4. bmac33

    bmac33 TS Rookie Topic Starter

    Thanks Everyone looks like I got it! Logs attached

    Thanks Everyone looks like I got it! Logs attached. I would like to know what it was if someon could tell me.
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You still haven`t uninstalled one of your software firewall programmes. It is very important that you do so. Since you are running Symantec/Norton, I suggest you uninstall Zonealarm.

    The entries I advised you to fix are still there. Please do the following.

    Disable Ad-Aware Ad-Watch as it may be interfering with the fix.

    1. Right click on the Ad-Watch icon in the system tray.
    2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

    Active: This will turn Ad-Watch On\Off without closing it
    Automatic: Suspicious activity will be blocked automatically

    3. Uncheck both of those boxes.


    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Backgrounds/Constitution.htm

    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab

    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activ...pv2.0.0.9.cab?

    Click on the fix checked button.

    Close HJT and reboot your system.

    Other than the above, your HJT log is clean. I`m not sure what was causing your problems.

    Regards Howard :)

    This thread is for the use of bmac33 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. bmac33

    bmac33 TS Rookie Topic Starter

    Firewall

    Howard,
    Thanks so much for your help!
    You mention turning off one the firewalls because I am using Norton. My version of Norton does not include a firewall. I believe that currently Windows firewall and Zone Alarm are running, should I turn of windows firewall, will that do it or do you suggest something else?
    And one other quick question about Zone Alarm. in the past it always showed its icon which shows traffic in the tray but now it does not. True vector does show to be running on startup. Unless I click on the program icon and start it the icon will not show in the tray. Also when I open the control panel the check box to "load Zone Alarm at startup" is not checked and will not stay checked after I restart my machine.
    Thanks again,
    Brad
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You shouldn`t have Windows and Zonealarm firewalls running at the same time. Perhaps that`s what`s causing the problem with Zonealarm. Are you absolutely sure your Symantec/Norton product doesn`t have a firewall? If you are, then uninstalling and reinstalling Zonealarm may well solve the problem. Zonealarm, normally disable the Windows firewall by default, in order to prevent conflicts.

    Regards Howard :)

    This thread is for the use of bmac33 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...