I could use some help with this one, friends.
I've been fighting an unknown browser hijacker for over a month, and I'm nearly at my wits end, with this possibly being the last chance at fixing this problem before formatting.
As a matter of course, I've tried darn near everything to locate, identify, and remove the malware, and finally, get my Registry straight. This malware is selective ... it only does a server re-direct when I attempt to access certain websites, such as amazon.com. It has never affected my home page. Internet Explorer and Firefox are both affected. I've used several programs to isolate the problem, such as fixwareout, Spyware Blaster, Spyware Guard, AdBin (to edit the hosts file), Spybot, Ad-Aware SE Professional, Spy Sweeper, CCleaner, and several online scanners, among them being Panda, Kaspersky, Trend-Micro, and Windows Live OneCare. I also have an installed anti-virus, NOD32.
The re-directs are either to porn websites, or to google search pages this list various types of porn. In some cases, as with Amazon, I'm getting Firefox messages that state:"The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete. * This problem can sometimes be caused by disabling or refusing to accept cookies."
Accepting cookies is not the problem.
I've been working with systems for ten years, and this is the first time I've asked for help, for myself. I've never before encountered anything I couldn't repair on my own, be it software or hardware, but this one has me stumped. In other words, help would definitely be appreciated.
My HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:46:23 AM, on 12/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
E:\My Software\HijackThis 1.99.1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.myway.com/
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I'm aware that many people don't care much for a download manager, but I've been using Internet Download Manager for several years without incident. I can kill it if necessary, but my gut doesn't feel that this is the problem. Also, UPHClean is a user profile hive cleanup program I've installed many times, and I don't think this is the problem, either.
It sure would be nice to correct this without wiping C: and starting over, so if anyone has suggestions on how to fix this, I would be in their debt.
Thanks in advance ... JTFoote
Sign In
Create Account
