
I've got some screwy hijacker or something I can't get rid of!


theKing
12-06-2004, 12:53 AM
It started out HUGE, with a toolbar and a sidebar search instrument that I eliminated, and now when I search from the Google toolbar or hit a link it will go to a wild random page selling some sort of ______ that I can quickly bail from with my original page behind it---if my Yahoo startpage sits idle (cable connect) it will put 4-5 pages of ______ on top of each other, random "punch the dope" type of ______ that I can quickly eliminate---I've used updated Norton, Ad-Aware, Spybot, "The Cleaner", TDS-3, Hijack This, Shredder, AVG----ummm, I'm sure I'm forgetting something I tried?

Can't rid myself of it, and it's still a niggling little problem that I'm not ready to re-format over yet; it's a pain in the ___ if ya know what I mean...

mickwish
12-06-2004, 1:47 AM
Search Assistant, maybe? My dau's PC has that, and I can't seem to rid it completely. Spybot alerts every few minutes to say it's trying to do stuff, but it won't fix it. :(

Mick

Roswell_NX
12-06-2004, 3:03 AM
Hey TKOP :)

I'm glad that you are posting here again. I kinda missed you

If you Ctrl+Alt+Delete and go into the "processes" window, do you see a process running that you can end to make the hijacker go away? If there is one, search the registry and try to remove it from where the registry says it's located.

BTW, did you try reinstalling IE and the Google tool-bar?

I was reading about Google tool-bar exploits at a hacker site yesterday, and got a truckload of spyware, most of which I removed using Spybot.

Roswell :)

Uncle Bob
12-06-2004, 3:05 AM
Originally posted by theKing
It started out HUGE, with a toolbar and a sidebar search instrument that I eliminated, and now when I search from the Google toolbar or hit a link it will go to a wild random page selling some sort of ______ that I can quickly bail from with my original page behind it---if my Yahoo startpage sits idle (cable connect) it will put 4-5 pages of ______ on top of each other, random "punch the dope" type of ______ that I can quickly eliminate---I've used updated Norton, Ad-Aware, Spybot, "The Cleaner", TDS-3, Hijack This, Shredder, AVG----ummm, I'm sure I'm forgetting something I tried?

Can't rid myself of it, and it's still a niggling little problem that I'm not ready to re-format over yet; it's a pain in the ___ if ya know what I mean...
Have you tried this: http://majorgeeks.com/download4191.html
If you're using XP, turn off the System Restore. If you're in the USA, use mirror #2; it seems to be faster.

Cowboybooter
12-06-2004, 11:18 AM
What browser are you using, TKOP?

Do you still have the HijackThis log of it?

:)

Bob

<Edit: If it's Internet Explorer, have a look at;-
HKEY_Local_Machine, Software, Microsoft, Internet Explorer, Search - See if it's in there!

Also;

HKEY_Current_User, Software, Microsoft, Internet Explorer, Main, - Default_Search_URL

Warning! As with any registry Edit, make sure you have a backup first! >

theKing
12-06-2004, 2:17 PM
I'm using IE6, here is a snap of processes running after a cold boot, not sure what's supposed to be there and not, lots of dupes etc---anyone?

I'll get a HiJack log for you to see before the day is over...

(Gosh that looks pretty crappy hope you can read it, had to downsize it to get it accepted)

theKing
12-06-2004, 7:11 PM
Ok here is the HijackThis log:
Can ya make head or tails from it?
(on fresh boot)

Logfile of HijackThis v1.98.2
Scan saved at 5:09:49 PM, on 12/6/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Tim\Desktop\HijackThis.exe
C:\Documents and Settings\Tim\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC 1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [vernn16.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\vernn16.dll
O4 - HKCU\..\Run: [kvern16.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\kvern16.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28bead2b78878667a000/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1087586510765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

Cowboybooter
12-06-2004, 7:32 PM
There are some 'issues' there!

Give me a few to go through it all!

:)

Bob

theKing
12-06-2004, 7:45 PM
Hey thanks! I don't really know what I'm lookin' for actually?---no rush, gonna be out of town a few days :-)

Cowboybooter
12-06-2004, 7:51 PM
Okay, if you start by turning OFF system restore!

Rescan with HijackThis,

Put a check next to;-

URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Hosts: 64.91.255.87 www.dcsresearch.com

Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

Close ALL browser windows, and then click 'Fix Checked'

Then reboot the machine! Turn system restore back on!

Come on back and tell me the results!

:)

Bob

Cowboybooter
12-06-2004, 8:12 PM
Okay, if you are gonna be out of town for a few, don't do anything till you get back!

:D

Bob

theKing
12-06-2004, 8:16 PM
Heheh---done, so far so good it seems?
Lemme give it a few moments to build momentum, it does it on its own. I'm beginning to think it's from hangin' out with Knot, although he seems to be ok for now :-)

I'll monitor it before I hit the road and report back, thanks for the help!

Cowboybooter
12-06-2004, 8:19 PM
LOL, now I'm a waiting with bated breath - it's 02:18 am here but I can't sleep till I know!

:D

Bob

theKing
12-06-2004, 9:59 PM
Ok it still is doin' it, sort of---say I go to a forum site (for example) and click on one of the threads, it takes me to http://yourmortgageshop.us/ instead---damn thing...

It doesn't seem to be picking up pages while it idles with IE open now tho, so that's a plus...

Cowboybooter
12-08-2004, 6:27 PM
Aha, you're back! :D

Did you remove all 3 items? I added one later! ( the edit! )

If so, can you post another Hijackthis log now?

:)

Bob

theKing
12-08-2004, 6:50 PM
Will do---gotta take care of a few things to catch up before playing with the computer :-)

theKing
12-09-2004, 10:19 PM
Here we go again:

Logfile of HijackThis v1.98.2
Scan saved at 8:18:53 PM, on 12/9/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\fadsetup.scr
C:\Documents and Settings\Tim\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC 1.EXE /P29 "EPSON Stylus Photo 820 Series" /O6 "USB001" /M "Stylus Photo 820"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [vernn16.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\vernn16.dll
O4 - HKCU\..\Run: [kvern16.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\kvern16.dll
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28bead2b78878667a000/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1087586510765
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab

mickwish
12-09-2004, 10:33 PM
You got Google toolbar? Bleh. :mad: That could be enough to cause all sorts of stuff, IMO. :rolleyes:

This one is a bit suss - not sure what these do.... Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll


Also, I would suggest you ditch IE altogether and only use Firefox or Opera or the like. Too many little areas in IE to attach hooks on. :eek: All those buttons and extra menu items are holes waiting for spyware to attach, IMO. :o

If it's only the single site causing an issue now, you could try doing a registry scan for that site, and see if it's hiding somewhere. It's possible it's linked itself to a supposedly "good" messenger or google toolbar item. :(

I hate spyware. :mad:

Cheers
Mick

Roswell_NX
12-09-2004, 11:28 PM
THAT'S why I don't have the Google toolbar...I've read too many bad things about it :(

Roswell

theKing
12-09-2004, 11:58 PM
I've never heard anything bad about it till now---you sure you've used it? I've only heard good things?

I minimize all its features except pop-up blocking and fully appreciate it being there, as I search on a regular basis and it makes it simple and easy---I've never had a problem such as this in years till now, and I know it will be gone if I take the time to re-format. It isn't easily ID'd and it isn't easily removed, as I've used most "popular" methods and can't make head nor tails of these logs, so it looks like I'll just re-do it since it's been quite a long time since I've done so---if it wasn't for this problem, I wouldn't have any, so I can't complain all that much :-)

Roswell_NX
12-10-2004, 12:47 AM
#6. Hijack the toolbar and reroute searches.
To search, the toolbar uses a special option called "GoogleHome". An attacker can change the value of the "GoogleHome" option by following the steps in #2 and then changing the URL to "http://toolbar.google.com/command?GoogleHome=<attacker's search handler>".


http://www.sitepoint.com/forums/showthread.php?t=71668

my thought is that this is what's happening, that the toolbar input goes thru some other server, and then gets redirected to google, but popups from the other server stay on your screen.

Roswell

theKing
12-10-2004, 1:00 AM
That was a problem that seems to have appeared 3 years ago (according to the date) when the toolbar was a fairly new item; I'm sure that has been sorted out by now and is not an issue---this all began when I copied and pasted some cheats for a neighbor kid's San Andreas videogame---I haven't had any problems prior that couldn't be easily fixed by Spybot and Ad-Aware, and only had 1 similar problem in almost 10 years that required a format to sort out due to a fix not being found---IE6 works fine for me for what I do, and swapping to Opera or Firefox would only open up a whole nuther can of worms at this point...

Roswell_NX
12-10-2004, 2:23 AM
update: I got some screwy hijacker too :banghead:

Roswell :(

Cowboybooter
12-10-2004, 4:16 PM
Post a log, Roswell!

Just running through yours. tkop!

:D

Bob

Cowboybooter
12-10-2004, 4:53 PM
Okay,

I forgot to mention before, so will do now;-

Before fixing anything in HijackThis, it is important to create a permanent folder for it (e.g. C:\HJT). This is because it will create backups which you may want to restore later if anything goes wrong.

On to the log,

Start by turning OFF system restore!

Rescan with HijackThis,

Put a check next to;-


Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)

Close ALL browser windows, and then click 'Fix Checked'

Then reboot the machine! Turn system restore back on!



The offender is an Internet Explorer Toolbar bug called Powersearch!

:)

Bob

Roswell_NX
12-10-2004, 5:36 PM
I fixed mine, but now I have to totally uninstall M$ IE and reinstall it :(

The security settings are all backwards now, all sites are trusted :mad:

Roswell

Cowboybooter
12-10-2004, 5:53 PM
Sounds like a fun one, Roswell! Did you find out which one it was, in the end?

:)

Bob

Roswell_NX
12-10-2004, 5:58 PM
Originally posted by Cowboybooter
Sounds like a fun one, Roswell! Did you find out which one it was, in the end?

:)

Bob

TROJ_STRTPAGE.O

and a truckload of others that got in after another piece of spyware put their sites on the trusted list :mad:

Roswell :)

Roswell_NX
12-11-2004, 10:32 AM
Gotten rid of it all, now I'm gonna mess around with M$ IE, trying to get it to work properly :rolleyes:

Roswell

theKing
12-11-2004, 7:25 PM
OK, I'm a lot better now, that's for sure---it's gonna be till Monday for me to give it a work out enough to tell. I'm not being hijacked it seems---I'll keep an eye on it and report back, thanks for your help. I have a feeling I better keep my fingers crossed tho :-)

theKing
12-12-2004, 10:23 PM
Well, it's still happening. I get jacked when clicking to enter a post, or using a link within a thread or website; when it does it, it takes out most of my taskbar and expands the page slightly beyond the border---it's easy enough to click out of but bordering on warranting a format, which at this point seems to be my only remedy with all the tries at fixing it---guess it's been a couple weeks now...

Roswell_NX
12-12-2004, 10:34 PM
I wish I could just go and fix it for you, but since that's not the case, I'm gonna try to figure out what the HijackThis log says...

Roswell

Roswell_NX
12-12-2004, 10:39 PM
Hey, does anyone know what this is?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

:confused:

Roswell

Cowboybooter
12-13-2004, 1:31 PM
Code O9 - It's an additional button on the main IE toolbar, or an extra that shows up in the Tools menu!

Won't hurt to 'fix it' and see!

:)

Bob

Axel
12-16-2004, 1:05 PM
The thing that worries me is the large number of svchost.exe's on there - a couple is normal - that many - something's going on.....

If I didn't know better, I'd say someone was using terminal services to get into another instance of your desktop running for their purposes.
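
The checks the posters in this thread applied by eye (Cowboybooter's picks for 'Fix Checked': the "(no file)" URLSearchHook and Toolbar entries and the hosts-file line; the O4 Run entries that load oddly named DLLs; Axel's svchost.exe count) can be written down as a small triage script. The following is an added example, not a tool from this thread and not part of HijackThis. The sample log is a shortened copy of the logs posted above; the svchost threshold and the wording of each finding are this example's own assumptions, chosen for illustration.

```python
"""Triage helper for HijackThis-style logs (added example, not a HijackThis feature).

It reproduces the hand checks from the thread:
  * entries whose target is '(no file)' (orphaned URLSearchHook / Toolbar items),
  * O1 hosts-file lines, which override DNS for the named host,
  * O4 Run entries that silently register a DLL ('regsvr32 /s') or start
    rundll32 with a hex-looking module name,
  * a .scr (screensaver) image sitting in the process list on a fresh boot,
  * the number of svchost.exe instances, which Axel asked about.
"""
import re
from collections import Counter

# Constructed sample: a shortened copy of the logs posted in this thread
# (the process list mixes the 12/6 and 12/9 logs so every check has input).
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\fadsetup.scr
C:\Program Files\Messenger\msmsgs.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Search - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKCU\..\Run: [vernn16.dll] C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\vernn16.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# Assumed threshold for this example: several svchost.exe instances are normal on
# XP (each hosts a group of services), so only a count above this is reported.
SVCHOST_WARN = 6

ENTRY_RE = re.compile(r"^(R\d|O\d+|F\d|N\d)\s+-\s+(.*)$")
HEX_MODULE_RE = re.compile(r"rundll32(?:\.exe)?\s+([0-9A-Fa-f]{8,})(?:,|\s|$)")
SILENT_REGSVR_RE = re.compile(r"regsvr32(?:\.exe)?\s+/s\b", re.IGNORECASE)


def split_sections(text):
    """Return (running-process paths, list of (code, body) log entries)."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:          # blank line ends the process list
                in_procs = False
                continue
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def svchost_count(text):
    """Number of svchost.exe instances in the 'Running processes' section."""
    processes, _ = split_sections(text)
    return sum(1 for p in processes if p.lower().endswith("\\svchost.exe"))


def process_findings(processes):
    """Heuristics over the process list; each finding is (kind, reason, evidence)."""
    findings = []
    names = Counter(p.rsplit("\\", 1)[-1].lower() for p in processes)
    if names.get("svchost.exe", 0) > SVCHOST_WARN:
        findings.append(("process", f"{names['svchost.exe']} svchost.exe instances", "svchost.exe"))
    for p in processes:
        if p.lower().endswith(".scr"):
            findings.append(("process", "screensaver image running as a process on boot", p))
    return findings


def entry_findings(entries):
    """Heuristics over the R*/O* entries; each finding is (code, reason, entry body)."""
    findings = []
    for code, body in entries:
        if body.endswith("(no file)"):
            findings.append((code, "orphaned entry: registered target file is missing", body))
        if code == "O1":
            findings.append((code, "hosts-file entry overriding DNS for a host", body))
        if code == "O4" and SILENT_REGSVR_RE.search(body):
            findings.append((code, "Run key silently re-registers a DLL at logon", body))
        if code == "O4" and HEX_MODULE_RE.search(body):
            findings.append((code, "rundll32 loading a hex-named module", body))
    return findings


def triage(text):
    """Run all checks over one log and return the combined list of findings."""
    processes, entries = split_sections(text)
    return process_findings(processes) + entry_findings(entries)


if __name__ == "__main__":
    print(f"svchost.exe instances: {svchost_count(SAMPLE_LOG)}")
    for kind, reason, evidence in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n    {evidence}")
```

Run it against a saved log instead of the embedded sample by reading the file into `triage()`. Note that a finding is a prompt to look closer, not a verdict: the "(no file)" entries and the hosts line are the ones the thread's poster fixed, while a benign vendor Run entry such as ccApp produces nothing. The svchost count is reported only above the example's own threshold, because the normal number depends on how services are grouped on the machine.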

Roswell_NX
12-16-2004, 7:02 PM
Originally posted by Axel
The thing that worries me is the large number of svchost.exe's on there - a couple is normal - that many - something's going on.....

If I didn't know better, I'd say someone was using terminal services to get into another instance of your desktop running for their purposes.

yep, i agree...

Roswell :)