Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

search result window; redirect IE to Yahoo; svhost.exe 100%

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 19th, 2008, 4:58 pm

tsearch result window; redirect IE to Yahoo; svhost.exe 100%
Something takes over my system and search result window and redirect to Yahoo email over and over. if I'm typing (like now) will take over and put /// and other char.

Here is log from hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:40 PM, on 5/19/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\windows\system32\ctfmon.exe
C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panasonic\Palmcorder\CARD LINK (for USB)\regcnt09.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = msproxy.ccs.com:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.ccs.com;192.64.*;204.124.249.*;*.wbds.mcilink.com;reports.ccity.com;ccity.com;pac.ccity.com;myaccounts.ccity.com;*.circuitcity.net;166.86.*;172.*;10.*;wbds.mcilink.com;*.ccity.com;*.asteaqa.net;*.asteaprod.net;ccsra*;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;<local
O2 - BHO: Class - {B4818A00-3F49-E55B-35AC-96779152E22A} - (no file)
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=eddb2dc7-402b-4405-9893-80cd7ba8641c
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: CARD Monitor.lnk = C:\Program Files\Panasonic\Palmcorder\CARD LINK (for USB)\regcnt09.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\windows\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://ccsra1.circuitcity.com/CACHE/st ... stcweb.cab
O16 - DPF: {36C417C6-13C6-448B-9784-DD73A93B0582} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://www.ipswitch.com/_installs/wsftp_le/setup.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/re ... NPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2052583281
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
O16 - DPF: {D94B2F87-CE31-11D5-9F7A-0090F50400FE} (NP5Sample.docBookNP5) - file://D:\content\bwnp5s.CAB
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {F4BDA33C-7C59-11D5-9F7A-0090F50400FE} (Project1.checkfiles) - file://D:\checkfiles.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F7E3BB7B-9B9F-11D5-9F7A-0090F50400FE} (PlayIt7Student.PlayIt7d) - file://D:\np5intro\content\PlayIt7d.CAB
O20 - Winlogon Notify: htproc - htproc32.dll (file missing)
O20 - Winlogon Notify: ssldr - C:\windows\
O22 - SharedTaskScheduler: Security Update - {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: OracleAgent80 - oracle - C:\orant\agentbin\DBSNMP.EXE
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: OracleCMAdminService80 - Unknown owner - C:\orant\BIN\CMADM80.EXE
O23 - Service: OracleCManService80 - Unknown owner - C:\orant\BIN\CMGW80.EXE
O23 - Service: OracleDataGatherer - Unknown owner - C:\orant\bin\vppdc.exe
O23 - Service: OracleExtprocAgent - Unknown owner - C:\orant\BIN\EXTPROCT.EXE
O23 - Service: OracleNamesService80 - Unknown owner - C:\orant\BIN\NAMES80.EXE
O23 - Service: OracleServiceORC0 - Oracle Corporation - c:\orant\bin\oracle80.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\orant\bin\oracle80.exe
O23 - Service: OracleStartORC0 - Unknown owner - C:\orant\BIN\strtdb80.exe
O23 - Service: OracleStartORCL - Unknown owner - C:\orant\BIN\strtdb80.exe
O23 - Service: OracleTNSListener80 - Unknown owner - C:\orant\BIN\TNSLSNR80.EXE
O23 - Service: OracleWebAssistant - Oracle Corporation - C:\orant\bin\OWASTsvr.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 10679 bytes
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm
Advertisement
Register to Remove

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 24th, 2008, 3:02 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

we are currently looking at your log now and will be back as soon as possible with your instructions.
while you are waiting one other thing that can be of good use is an uninstall list so please do the following

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 24th, 2008, 7:10 pm

Hello,

It has come to my attention that you have posted for help with your computer at one or more other forums.

http://forums.techguy.org/malware-removal-hijackthis-logs/713649-search-result-window-yahoo-email.html

May I draw your attention to the Forum Guidelines on Multi-Posting
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 25th, 2008, 7:51 am

Here it is

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
AVG 7.5
Borland JBuilder 3 University
CARD LINK (for USB) 1.00
CARD LINK (for USB) 1.20
CCleaner (remove only)
Cisco SSL VPN Client
Comcast PhotoShow Deluxe
Comcast Rhapsody
Desktop Doctor
Detto IntelliMover
Digimax Master
ExamView Pro
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
hp center
hp deskjet 960c series (Remove only)
HP Instant Support
HP Learning Adventure
HP RecordNow
Inactive HP Printer Drivers (Remove only)
InterVideo WinDVD
Ipswitch WS_FTP LE
J2SE Development Kit 5.0 Update 4
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 4
KBD
KODAK Picture CD Volume 4 Issue 1
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Flash Player 8
MapSource
MapSource - US Topo v3.02
MarketBrowser
Mastering Microsoft Visual Basic 6 Development Classroom View
MathPlayer
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook Connector for MSN
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Express 7.0
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6.0
Microsoft Works and Money 2002 Setup Launcher
MSN
MSN Encarta Plus Support Files
MUSICMATCH Jukebox
My Photo Center
NetBeans IDE 4.1
Palmcorder USB Device Driver 2.00
PC Registry Cleaner
PC-Doctor for Windows
PhotoAlbum Add-In
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
RegCure 1.3.0.2
S3 Gamma
S3 Savage4 Family Display Switch2 Utility
Samsung USB Driver
Security Task Manager 1.7e
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB941569)
Shockwave
Sonic Foundry Super Duper Music Looper XPress
Studio
Tcl 8.0.5 for Windows
TextPad 5
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
VPN Client
Windows Genuine Advantage v1.3.0254.0
Windows Media Format Runtime
Windows XP Service Pack 3
WinDriversBackup
WinZip
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 25th, 2008, 11:27 am

Hello,

Thank you for posting your Uninstall List.


It has come to my attention that you have posted for help with your computer at one or more other forums.

http://forums.techguy.org/malware-removal-hijackthis-logs/713649-search-result-window-yahoo-email.html

May I draw your attention to the Forum Guidelines on Multi-Posting
  • If you wish to continue here, please notify the other forums so they can close your threads.
  • If you wish to be helped elsewhere let me know so I can close your thread here.
If I do not hear back from you on this matter within 24 hours, this thread will be closed.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 25th, 2008, 6:01 pm

I unscribed to techguy.org\\
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 25th, 2008, 8:33 pm

Sorry for the last post - my keyboard was taken over.

I have deleted (unsubscribed) to the other post.

Thank you so much for your support.
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 26th, 2008, 1:50 pm

Hello,

Please post a reply to your thread HERE to let them know that we are helping you at MalwareRemoval.com. That way they will know not to pursue it further.

In the meantime, I am looking over your logs and will post instructions as soon as possible.

:)
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 26th, 2008, 4:17 pm

Done - thank you!!!
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 27th, 2008, 7:20 am

Hello,

I'm afraid I have unpleasant news for you. There is evidence of several infections on your computer.
One or more is a Password Stealer

It allows outsiders to monitor your Internet activity and collect private information. It then sends the stolen data to a hacker site.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
I am sorry to be the bearer of bad news, but it is best that you know the full impact of this infection :(


Please read this for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?



Let's begin to clean your computer:

Step 1:

Upload files for scanning
I'd like you to check a file/some files for malware.
D:\content\bwnp5s.CAB
D:\checkfiles.CAB
D:\np5intro\content\PlayIt7d.CAB

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.


Step 2:
Do you know what the program Studio is?
If you do not know what that program is, or simply no longer use it, it can be uninstalled by opening Control Panel, then Add/Remove Programs.


Step 3:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

The VirusTotal/Jotti results,
C:\ComboFix.txt,
New HijackThis log.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 27th, 2008, 8:23 am

OK - I'm trying to run the VirusTotal program with the first file. It is really taking a long time and there is an error icon on the botton of IE that says:
error on page Line 365 Char 7 Access is denied URL: http://www.virustotal.com/
Also it say 'quote' - what does that mean.
My d drive is the CD/ROM so I assume you wanted me to enter "d:\content\bwnp5a.cab"

However it does say sending file. (how long does it usuually take?)

2nd question - do I follow the combofix directions exactly which downloads the combofix.exe first and then downloads the Windows Recovery Console and drag it to the combo fix icon? Or do I download the windows console first?

3rd - I know how to disable counterspy? How do you disable AVG?
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 27th, 2008, 9:01 am

This is what I get when I do the virustotal scan
0 bytes size received / Se ha recibido un archivo vacio
0 bytes size received / Se ha recibido un archivo vacio
0 bytes size received / Se ha recibido un archivo vacio
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby shelleysimon » May 27th, 2008, 9:15 am

I downloaded combofix.exe and now want to do the Windows XP Recovery Console. However, it does not have the service pack 3 option which is the service pack I have. Do I use the service pack 2 home edition option?
shelleysimon
Regular Member
 
Posts: 53
Joined: May 16th, 2008, 12:42 pm

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 27th, 2008, 9:40 am

shelleysimon wrote:I downloaded combofix.exe and now want to do the Windows XP Recovery Console. However, it does not have the service pack 3 option which is the service pack I have. Do I use the service pack 2 home edition option?


Yes, use Windows XP Recovery Console for Service Pack 2.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: search result window; redirect IE to Yahoo; svhost.exe 100%

Unread postby Carolyn » May 27th, 2008, 10:15 am

Sorry, my previous post was incomplete....

Here are instructions for disabling Counterspy and AVG temporarily:

Disable CounterSpy
  1. Right click on CounterSpy icon (it's a yellow colour C with a smaller grey colour C near the clock)
  2. Point over to Active Protection.
  3. Click on Disable Active Protection. You should see the smaller grey colour C turn into a red colour C.
  4. Right click on CounterSpy icon again and select Shutdown CounterSpy.

When you are ready to re-enable CounterSpy, you will need to do the following:
  1. Click on Start > All Programs > Sunbelt Software > CounterSpy > CounterSpy.
  2. Click on Active Protection at the top.
  3. Click on Enable.
  4. Close CounterSpy.


Disable AVG Anti-virus
Deactivate the AVG Resident Shield
    * run the AVG Control Center (Start -> Programs -> AVG 7.5 -> AVG Control Center)
    * double-click on the Resident Shield component
    * disable option Turn on AVG Resident Shield protection
    * save these settings using the OK button


Note: please don´t forget to reactivate the AVG Resident Shield component later because it´s an important part of the anti-virus control on your computer!

The procedure goes as follows:
    * please run the AVG Control Center as mentioned above
    * select the Resident Shield component
    * click on the Activate button
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 54 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware