tanya 0 Posted December 30, 2004

I'm at wits' end. I have tried everything to manually get rid of this hijacker. I am not an expert on computing, and I heard of a free software called HijackThis! and decided to give it a try. I came up with this:

Logfile of HijackThis v1.99.0
Scan saved at 13:38:57, on 30/12/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
F:\Program Files\Windows ServeAd\WinServAd.exe
F:\Program Files\Windows ServeAd\WinServSuit.exe
F:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
F:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
F:\DOCUME~1\JANEDA~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: (no name) - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - (no file)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] F:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] F:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] F:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "F:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AntiSpy] F:\Program Files\Omniquad AntiSpy\AntiSpy.exe startup
O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows ServeAd] F:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [kalvsys] F:\windows\system32\kalvnuk32.exe
O4 - HKLM\..\Run: [FlashClean] F:\Program Files\FlashClean\FlashClean.exe %1
O4 - HKLM\..\RunServices: [Microsoft Machine] sysini.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] F:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: BT Broadband Basic Help.lnk = F:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O9 - Extra button: (no name) - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - F:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD75BF30-7FB2-4ABE-BB8F-F7422CDE3515}: NameServer = 194.72.9.34 194.74.65.68
O23 - Service: Symantec Event Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: NvCplScan - Unknown - F:\WINDOWS\system32\msc32.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - F:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I have absolutely no idea what this means, but maybe someone could help? I have anti-virus programs which find two main spyware programs called WindUpdates (browser plug-in) and SearchMiracle.Elitebar (browser plug-in). The programs quarantine the viruses/spyware and I manually delete them. This does not seem to be doing the trick, though. PLEASE HELP x
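
Added example, not part of the original posts: a small Python triage pass over a HijackThis log like the one above. It marks entries whose target file is absent, entries matching the names the poster's scanners reported, and autorun entries given without a full path. The sample lines are copied from that log; the function names and the three review rules are assumptions of this example, and a note is a reason to look closer, not a verdict.

```python
import re

# Constructed sample: a few entries copied from the log in the first post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.ask.co.uk
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [Microsoft Machine] sysini.exe
O23 - Service: NvCplScan - Unknown - F:\WINDOWS\system32\msc32.exe (file missing)
"""

# Names the poster's scanners reported, lower-cased for substring matching.
DETECTION_NAMES = ("searchmiracle", "windupdates")

# "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<key>: [<value name>] <command line>".
AUTORUN = re.compile(r"^(?P<hive>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse(log):
    """Yield (code, body) for every line shaped like a HijackThis entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def review_notes(code, body):
    """Return reasons an entry deserves a closer look (hypothetical rules)."""
    notes = []
    low = body.lower()
    if "(no file)" in low or "(file missing)" in low:
        notes.append("target file absent")
    if any(name in low for name in DETECTION_NAMES):
        notes.append("matches scanner detection name")
    if code == "O4":
        m = AUTORUN.match(body)
        if m and "\\" not in m["cmd"]:
            notes.append("autorun without full path")
    return notes

def triage(log):
    """Return (code, body, notes) for entries with at least one note."""
    return [(c, b, n) for c, b in parse(log) if (n := review_notes(c, b))]

if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(notes):<34}{body}")
```
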
Andicioz 0 Posted December 30, 2004

As I have seen, your Internet Explorer starts up with "Http://www.searchmiracle.com". When it starts up, and the page is loaded, scroll down until you reach the bottom. You will see a link called "Uninstall". Click it and download the file. Open it and it should be uninstalled. <= This has not been tested, but I am almost sure it will work because I have already done it with another browser hijacker.

If you have another browser hijack, always look on the page and see if there isn't an uninstall option, and if there isn't an uninstall option in your add/remove programs index.

I hope this will help,
Greetings => Andicioz