Daughter clicked yes on a popup and now my browser is hijacked; it doesn't matter if I use IE, Maxthon Browser or Firefox. Type in Google.com and the page won't load. Type a Google search from the taskbar and Google won't load. About 70% of the time if I load a new page or type in an address it gets hijacked and goes to www.all-inkl.de. The few times I can get Google to load it has changed my searches to the UK version of Google.
Thank you for your help
Logfile of HijackThis v1.99.1
Scan saved at 6:43:20 AM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\hphmon03.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\HPHipm09.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Jeremy and Britnie\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
O1 - Hosts: 195.158.172.121 amazon.at
O1 - Hosts: 195.158.172.121 www.amazon.at
O1 - Hosts: 195.158.172.121 www.all-inkl.de
O1 - Hosts: 195.158.172.121 all-inkl.de
O1 - Hosts: 195.158.172.121 www.domainfactory.de
O1 - Hosts: 195.158.172.121 domainfactory.de
O1 - Hosts: 195.158.172.121 www.evanzo.de
O1 - Hosts: 195.158.172.121 evanzo.de
O1 - Hosts: 195.158.172.121 www.united-domains.de
O1 - Hosts: 195.158.172.121 united-domains.de
O1 - Hosts: 195.158.172.121 www.sedo.de
O1 - Hosts: 195.158.172.121 sedo.de
O1 - Hosts: 195.158.172.121 www.sedo.com
O1 - Hosts: 195.158.172.121 sedo.com
O1 - Hosts: 195.158.172.121 www.domains.de
O1 - Hosts: 195.158.172.121 domains.de
O1 - Hosts: 195.158.172.121 sedo.fr
O1 - Hosts: 195.158.172.121 sedo.it
O1 - Hosts: 195.158.172.121 sedo.se
O1 - Hosts: 195.158.172.121 sedo.dk
O1 - Hosts: 195.158.172.121 www.sedo.fr
O1 - Hosts: 195.158.172.121 www.sedo.it
O1 - Hosts: 195.158.172.121 www.sedo.se
O1 - Hosts: 195.158.172.121 www.sedo.dk
O1 - Hosts: 195.158.172.121 e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.hausaufgaben.de
O1 - Hosts: 195.158.172.121 young.de
O1 - Hosts: 195.158.172.121 schoolunity.de
O1 - Hosts: 195.158.172.121 schoolwork.de
O1 - Hosts: 195.158.172.121 hausarbeiten24.com
O1 - Hosts: 195.158.172.121 hausarbeiten.de
O1 - Hosts: 195.158.172.121 www.young.de
O1 - Hosts: 195.158.172.121 www.schoolunity.de
O1 - Hosts: 195.158.172.121 www.schoolwork.de
O1 - Hosts: 195.158.172.121 www.hausarbeiten24.com
O1 - Hosts: 195.158.172.121 www.hausarbeiten.de
O1 - Hosts: 195.158.172.121 schulstadt.de
O1 - Hosts: 195.158.172.121 www.schulstadt.de
O1 - Hosts: 195.158.172.121 www.probenclub.de
O1 - Hosts: 195.158.172.121 www.couponmountain.de
O1 - Hosts: 195.158.172.121 www.warenproben.ag
O1 - Hosts: 195.158.172.121 www.gratisproben24.net
O1 - Hosts: 195.158.172.121 probenclub.de
O1 - Hosts: 195.158.172.121 couponmountain.de
O1 - Hosts: 195.158.172.121 warenproben.ag
O1 - Hosts: 195.158.172.121 gratisproben24.net
O1 - Hosts: 195.158.172.121 probendino.de
O1 - Hosts: 195.158.172.121 www.probendino.de
O1 - Hosts: 195.158.172.121 www.proben.de
O1 - Hosts: 195.158.172.121 www.produktproben.de
O1 - Hosts: 195.158.172.121 proben.de
O1 - Hosts: 195.158.172.121 produktproben.de
O1 - Hosts: 195.158.172.121 de.supereva.com
O1 - Hosts: 195.158.172.121 www.de.supereva.com
O1 - Hosts: 195.158.172.121 www.knuddels.de
O1 - Hosts: 195.158.172.121 www.flirt-fever.de
O1 - Hosts: 195.158.172.121 www.neu.de
O1 - Hosts: 195.158.172.121 neu.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 www.spinchat.de
O1 - Hosts: 195.158.172.121 www.chat.de
O1 - Hosts: 195.158.172.121 www.chatcity.de
O1 - Hosts: 195.158.172.121 www.webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 www.friendscout24.de
O1 - Hosts: 195.158.172.121 www.ilove.de
O1 - Hosts: 195.158.172.121 www.traumpartnerchat.de
O1 - Hosts: 195.158.172.121 knuddels.de
O1 - Hosts: 195.158.172.121 flirt-fever.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 spinchat.de
O1 - Hosts: 195.158.172.121 chat.de
O1 - Hosts: 195.158.172.121 chatcity.de
O1 - Hosts: 195.158.172.121 webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 friendscout24.de
O1 - Hosts: 195.158.172.121 ilove.de
O1 - Hosts: 195.158.172.121 traumpartnerchat.de
O1 - Hosts: 195.158.172.121 www.icq.de
O1 - Hosts: 195.158.172.121 icq.de
O1 - Hosts: 195.158.172.121 icq.com
O1 - Hosts: 195.158.172.121 www.icq.com
O1 - Hosts: 195.158.172.121 mirc.com
O1 - Hosts: 195.158.172.121 www.mirc.com
O1 - Hosts: 195.158.172.121 mirc.de
O1 - Hosts: 195.158.172.121 www.mirc.de
O1 - Hosts: 195.158.172.121 xchat.org
O1 - Hosts: 195.158.172.121 www.xchat.org
O1 - Hosts: 195.158.172.121 boldchat.com
O1 - Hosts: 195.158.172.121 www.boldchat.com
O1 - Hosts: 195.158.172.121 liveperson.com
O1 - Hosts: 195.158.172.121 www.liveperson.com
O1 - Hosts: 195.158.172.121 www.bravenet.com
O1 - Hosts: 195.158.172.121 bravenet.com
O1 - Hosts: 195.158.172.121 www.adultfriendfinder.com
O1 - Hosts: 195.158.172.121 adultfriendfinder.com
O1 - Hosts: 195.158.172.121 www.friendster.com
O1 - Hosts: 195.158.172.121 friendster.com
O1 - Hosts: 195.158.172.121 www.monster.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-36.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095645409276
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.c...ploadClient.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://xlonhcld.xlon...2ie05100101.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
Edited by jjohnsen, 04 November 2005 - 07:01 AM.