[Fixed] Hijackthis! Logs - browser hijacked? Posted in the Security & Safety forums.

01-16-2008
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569 PC Experience: PC Illiterate
Re: browser hijacked?
also, since you can now get to symantec, have you updated and scanned with that app?
__________________
M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture
"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall

01-16-2008
Bronze Member
Join Date: Jan 2008
Posts: 42 PC Experience: Some Experience
Re: browser hijacked?
I am unable to access symantec with live update - I can't find out how to make that happen via firefox. I did, however, find an update on symantec site that I was able to download that seems to have provided current definitions. I am unsure as to the exact status of this. I ran a full system scan which found only a single cookie that it didn't like and removed. Will provide the requested logs later when I am home at the machine.
norm

01-17-2008
Bronze Member
Join Date: Jan 2008
Posts: 42 PC Experience: Some Experience
Re: browser hijacked?
Attached are the logs as requested. I also want to point out, in case it is of use, that each time I run SDFix, there are 4 exceptions that print out during the course of its running. These same four messages have come up each time I run it and I should have mentioned it sooner in the event that it is meaningful. Also, note that these messages are exactly as they appear on the screen, with particular attention to the fourth one, which does have 9 spaces between the 'Z' and the extension.
best regards,
norm
SDFix screen output:
Checking files
Please wait
FINDSTR: cannot open Rund1132.exe
FINDSTR: cannot open ALCXMNTR
FINDSTR: cannot open C:\program files\Java\jre1.exe
FINDSTR: cannot open REG_SZ         .exe
25% checked
50% checked
75% checked

01-17-2008
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569 PC Experience: PC Illiterate
Re: browser hijacked?
Let's see if hp is what's bogging it down. Also, I will need a new hjt log NOT in safe mode.
You may want to print these out. Please close all other applications, start hjt again, click 'perform system scan only', place a tick next to the following and click 'fix checked':
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HP United States - Computers, Laptops, Servers, Printers & more ario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = HP United States - Computers, Laptops, Servers, Printers & more ario&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Reboot into normal mode, and post a new hjt log.
thanks,
v
__________________
M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture
"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall
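
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the kinds of entry lines quoted in the post above. It labels each section code and notes entries marked "(no file)" or autostart commands listed without a directory. The regular expressions, field names and the placeholder URL in the R1 line are assumptions made for this illustration.

```python
import re

# Meanings of the section codes that appear in this thread's fix list.
SECTIONS = {
    "R1": "Internet Explorer start/search page setting",
    "R3": "Internet Explorer URLSearchHook",
    "O4": "program started automatically at logon",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?) = (.*)$")
RUN_ITEM = re.compile(r"^(.+?): \[(.+?)\] (.+)$")

def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "unknown"),
             "fields": {}, "notes": []}
    if rest.endswith("(no file)"):
        entry["notes"].append("registered file is missing")
    reg, run = REG_VALUE.match(rest), RUN_ITEM.match(rest)
    if code.startswith("R") and reg:
        entry["fields"] = dict(zip(("key", "value_name", "data"), reg.groups()))
    elif code == "O4" and run:
        entry["fields"] = dict(zip(("location", "name", "command"), run.groups()))
        if "\\" not in run.group(3):
            entry["notes"].append("command has no directory path")
    else:
        entry["fields"] = {"raw": rest}
    return entry

def parse_log(text):
    """Parse every entry line in a log, skipping headers and blank lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

# Constructed sample: R3 and O4 lines are from the post; the R1 data is a placeholder.
SAMPLE = r"""Running processes:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.example/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
"""

if __name__ == "__main__":
    for e in parse_log(SAMPLE):
        print(e["code"], e["section"], e["fields"], e["notes"])
```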

01-18-2008
Bronze Member
Join Date: Jan 2008
Posts: 42 PC Experience: Some Experience
Re: browser hijacked?
Done. Sorry about the safe mode HJT log last time. There is no change.
thanks
norm

01-18-2008
Senior Security Analyst
Join Date: Jan 2007
Location: texas, USA
Posts: 2,569 PC Experience: PC Illiterate
Re: browser hijacked?
Let me get another pair of eyes on this, as I am showing all clear on malware side, but that is not to say that a second pair of eyes won't catch something... give me a few.
thanks,
v
__________________
M.C.S.A.
M.C.P. - MS Server 2k3, Network Architecture
"Ask Bill why the string in function 9 is terminated by a dollar sign. Ask him, because he can't answer. Only I know that."
- Gary Kildall